Start here

Ransomware Sucks.

A few weeks ago I started receiving resumés from what looked like legitimate job seekers.  The only problems were a) I am not currently hiring, nor have I put out any feelers that might be misconstrued as I am, and b) There was no cover letter – just a quick note like this:

Hi, my name is re: Les Williamson
I have attached my resume for your consideration.
Thank you,
Les Williamson

There was a file attached of course – a .zip file instead of a .doc or ,pdf file.  I deleted most of them, but I kept one (from  I am not sure why I kept it – I had a feeling I would find a need at some point.

Sure enough, I got a call from someone one morning saying they had a very disturbing full-page message explaining what happened to his suddenly inaccessible files:

What happened to your files?

All of your files were protected by a strong encryption with RSA-2048 using CryptoWall 3.0.  Morel information about the encryption keys using RSA-2048 can be found here: (link)

What does this mean?

This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them, it is the same thing as losing them forever, but with our help, you can restore them.

How did this happen?

Especially for you, on our server was generated the secret key pair RAS-2048 – public and private.  All your files were encrypted with the public key, which has been transferred to your computer via the Internet.  Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.

What do I do?

Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed.  If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.

The bottom half of the page gave the links for the sites where the customer could pay the ransom.

Why is it called Ransomware?  Imagine the e-mail were to read like this:

What happened to your daughter?

We have moved your daughter to a secure, undisclosed location for her safe keeping.

What does this mean?

This means that your daughter has been taken from you and imprisoned and you will never see her again… unless you follow our clear instructions.

How did this happen?

After seeking out someone who was vulnerable and had everything to lose, we followed your daughter until she was alone and unprotected; we knocked her out, bound her hands and feet, gagged her, and moved her… somewhere.

What do I do?

DO NOT CALL THE POLICE.  If you do then you will never see your daughter again.  If you ever want to see her alive, do exactly as we say and when we tell you.  If you do not – if you delay, if you call the police, if you try to find where she is being held, we will move her, and make it a lot more expensive (and painful) for you to recover her.

Yes, I am sorry to say… your daughter data has been kidnapped, and is being held for ransom.

So what do I do?

My customer had a lot of very good questions about the attack. 

‘If I pay what they ask will they give me my data back?’

It sounds reasonable… but the phrase Honour Among Thieves went out of fashion a long time ago.  There is no morality to the people who hijacked your data, and there is no way to know for sure if you will get your data back.  What is more likely is that once you have used whatever method of payment you use (credit card, bank account, Paypal, etc…) they will go the next step and steal more from you, except this time they will have a direct line to your bank.

Can we just recover my contacts or some of my non-encrypted data?

No.  Here’s the thing: Your data is encrypted because your computer is infected.  Even if we were able to decode the data, your computer is still going to be infected.  And even if we clean out the infection, your data is still going to be encoded.

The image I want you to bring to mind is of one of those hospital shows where everything is fine, and then Patient Zero comes in with a weird cough and rash, and the entire hospital goes on lockdown and everyone is walking around in space suits.  This is some very seriously scary stuff, and I don’t want it anywhere near my live environment, or my lab environment.

Can it be hacked?

In a word: No.  If we had the computing power of the National Security Agency (NSA) in the US, then it is possible that they have a way to decrypt it; but a 2048-bit private-public paired key combination is not something you are going to crack in your basement… it was designed to make sure that the secrets you want kept stay kept.CryptoWall

This is a screenshot of the bottom half of the message… the ‘how to conveniently pay us’ part of the ransom note.  I have altered it so that the personal page of the actual victim is obfuscated, but otherwise this is what you would see.

If you navigate to any of the payment servers, you will see the following:


While it is nice and intimidating to see a padlock similar to the one I used on my high school locker, I can assure you that this is not just a screenshot that you can dig in behind and hack.  The parent sites are all registered at, and if you navigate to them without using a translator site (like then you will get a Russian language page.  Being fluent in Russian will not get you anywhere… you have to pay up and then maybe you will get your data back.

If you don’t think these criminals are serious about their security and anonymity, I invite you to read up on the TorBrowser.  It is part of the TOR Project, or The Onion Router, which bounces your connection through over 6,000 relays rendering the source virtually untraceable.  A recent NSA document referred to it as “The king of high-secure, low-latency anonymity.”

The Silver Lining

In preparation for this article I wanted to play with the package; I wanted to actually watch it work.  I formatted an air-gapped PC with Windows 10, downloaded the package, and extracted it.  Immediately Windows Defender popped up the warning that it had detected and eliminated malware.  Yay Windows Defender!  However in this case I do not want you to protect my PC… so I disabled Windows Defender and the file extracted properly.

I let it run… nothing.  It popped up a Javascript error (yes, the package is a .js file within the .zip file, and any of you who are willing to open this when e-mailed from a stranger probably deserve a kick to the derriere). 

Windows 10, out of the box, protected my PC from this malware using several tools, not the least of which was the fact that Java is not installed, and scripts cannot run, and all sorts of other good stuff.

The Bad News

Most of you are not running Windows 10 yet.  You are probably running Windows 8, or more likely Windows 7.  I will over the next few days play around with this malware on those systems, but let’s for the time being assume that your computer is vulnerable… unless you use some common sense.


For years I have been warning users against opening e-mail attachments.  It has always been a bad idea; this relatively new threat has escalated the threat and made it very real.  Most malware can be cleaned out, either by Malware removal Tools or whatever.  This new threat encrypts your data, and if it is not properly backed up somewhere then you are going to have a very bad day… and so will your IT Department.

Ransomware really does suck.  It is not just compromising your data, it is holding it hostage.  If you never saw any other reason to make sure your systems (and knowledge and common sense) were up to date, this should be a wake-up call.

By the way, my client was not out in the middle of Asia or Africa… he was in Toronto.  This is a threat here… wherever here is to you.

Windows to Go: Ironkey gets it right

Back in 2012 I spent a lot of time talking (and writing) about Windows to Go (WTG).  This was Microsoft’s newest feature that allowed you to install Windows 8 on a USB key.  In theory I loved it, in practice… well, most of the USB keys that I tried it on (the certified ones, and not just the ones that I got for free at trade shows) worked… they just didn’t work very well.  They were… flimsy is probably the right word.  I had finally built my key just right, and one day I was demonstrating it to a group in Tokyo and… it just stopped.  It turned out, after hours of troubleshooting, that the connectors were not connecting properly.  After speaking with the company (who made me follow a less-abridged version of the troubleshooting steps I had already taken) offered to replace the key for me under warranty.  A few months later we had the same conversation on the replacement device.

So when I walked into the Ironkey booth at MS Ignite in Chicago this past May, I was intrigued by two promises they made: They told me that they are  MilSpec (Military Specifications, which means they should be nearly indestructible), and they promised it was full lengths faster than the competition.  I told them that I wanted to see that for myself, and they obliged by sending me two devices: An Ironkey W300, which is a heavy-duty 64GB key, and an Ironkey W500, which is just as heavy-duty, but includes hardware encryption.

I want to start by saying that I have nothing bad to say about either device.  However there are only so many hours in a day, and if I am going to get any work done (you do realize that I have an actual day job, one where they expect me to accomplish things) I could spend a little while testing both devices, but I was only going to focus on one of them.  Since the W500 is hardware encrypted, I made that my own, and only ran some cursory tests on the W300 before handing it off to an associate.

I should mention that there was another reason that I handed the W300 off… My colleague James is a Mac user, and the hardware encryption of the W500 is not compatible with the Mac.  For that reason the W300 was perfect for him.  However let me be clear: if I hadn’t been extremely satisfied by the performance of the hardware-encrypted W500 I would have kept the W300 for myself.  Yes, there is a difference between the two; it is less of a difference than you would notice if you switched out your solid-state drive (SSD) with a 15k rpm hard drive though.  That is to say that although the actual speed tests that I ran do show a marked difference between the performance of the two, to the naked eye for what I do on a daily basis there is very little difference.

At First Glance

There are some hoops to jump through in order to create the W500 as a Windows To Go (WTG) device.  Because it is natively encrypted you have to download the Administration Toolkit from their website, so that your Windows OS can recognize and build the key.  Okay, I am willing to live with that… after all, it is still easier than taking off my shoes and emptying my pocket at the airport.  You also have to download the Customization Toolkit, which modifies the install.wim file that you are going to use to build the key.  No problem, it took a few minutes and it was done.

If you are a normal user and are willing to RTFM then the process is fairly simple.  If you are like me and figure it will just work the way you think it will work, then it might cause a bit of frustration.  However once you realize that you don’t know everything and read the instructions, things go very smoothly.

W500So here’s what I did: I unlocked the device, I modified my ISO, I put the device into Configuration Mode, I created my Windows to Go (that was the same Windows wizard I already knew), and then I put the key back into Deployment Mode.  All in all it might have taken half an hour or so.  No big deal. 

When you put the device back into Deployment Mode it asks if you want to modify your hardware so that it will boot from USB before any other device.  If you are using the same computer for both (or even just for testing) then this is a good idea.  However my primary use case for WTG is work from anywhere on any device.  Make sure you know what key allows you to select the boot device before you boot it up… on HP it’s F9.

So we were off to the races… I built the key on a Lenovo T420s that I have at the office, and it seemed so simple to just reboot that device into my WTG environment.  Ok fine.  As it was booting I got the Windows 8 logo… and then an unfamiliar screen.  I arrived at the Ironkey Pre-boot environment, prompting me for my password.  Password entered, it rebooted into Windows for me.

**Note: At this point I should mention that I started these tests on the key with Windows 8.1.  On July 29 I downloaded the ISO for Windows 10 Enterprise and rebuilt the key.  So please note that while I may say one or the other edition at any point, the experience was quite similar, so interchangeable.

My Windows 10 environment loaded up on the Lenovo very quickly, despite booting from a USB key.  While I had the option to join it to my corporate domain, I opted to configure it with my Azure Active Directory ( because I would be using it for both business and personal.  I did add the VPN client for my corporate domain though, because I wanted to make sure I could use the key the way I originally intended it, and the way I hope my users will use it when we deploy across the company.

So I knew what Windows to Go could do because I worked with it before; the proof of the pudding is in the tasting though, and I wanted to see how this device would really feel from the user’s perspective.

In a word… seamless.  Once you are in Windows I notice no difference between using WTG and not… and that was always my concern with the other USB environments I had previously sampled.  This key showed the potential to be more than the ‘when all else fails’ alternative… it wants to be (and can be) a first class device that its competition never could be.  It is fast, it is solid, and it is reliable (a major area of contention with previous devices, as mentioned earlier).  While I didn’t perform the drop-test while inserted in a USB port (more out of fear of damaging the computer than the USB key), I did do a drop test.  I was listening to a podcast earlier and they talked about the standard four-foot drop test.  That’s nice of course, but if you have a USB key that can’t survive 4’ then you didn’t get your money’s worth.  No, I dropped this USB key from the second floor balcony of the cigar lounge where I am currently sitting, then walked down, picked it up off the concrete floor, then came back up and booted back into it.  No problem!

Two of the other devices I had tested either came apart or just stopped working reliably after a couple of weeks in my pocket (with my keys and coins).  Ironkey’s W500 laughed at that test… not even a scratch. 

Until recently I had the key connected to my keychain.  It made for a heavier and more unwieldy keychain to be sure, but I was fine with it… and it was only when my girlfriend borrowed my car for a day that the lanyard wire connecting the key to the keychain came open and got lost.  I suppose a woman’s purse may be no match for the pairing… but the Ironkey worked fine.

So my T420s worked great, but how about switching to another device?  I plugged it into my Surface Pro 3 and booted up.  I had to install device drivers, but it worked great.  But these are two pretty modern, corporate devices that are lovingly maintained by myself and the IT department at Kobo.  What about something less… modern and well-maintained?

In my girlfriend’s living room there is a computer that I would not want to spend a lot of time working on.  She readily admits it is ready to go to the corner – although she is wrong… it just needs a new hard drive.  Until recently she used it to watch Netflix and… that’s it.  It wasn’t good for anything else, seeing as it took 20 minutes to boot.  It’s old (the Windows sticker on the bottom says Windows Vista), but it is still an HP Pavillion… it shouldn’t be too bad.  It doesn’t have USB 3.0, so I wouldn’t expect much from it.  Once I installed the device drivers onto the Ironkey W500 Windows this 10 year old laptop purred like a kitten… I mean it really worked flawlessly!  It still popped up warnings that hard drive 0:0 was dying, but that did not affect how well the device worked.  It just.. worked!

That use made me think once again of all of the possible use cases for Windows To Go… I could now go into any Internet cafe, any hotel business centre, any mother-in-law’s place in the country, any airport lounge; No matter how poorly they maintain their computers, I can boot into my own hard drive on their ragged virus-ridden hardware and still be productive.  That rocks, because I do get to those places on a surprisingly regular basis!

W300So knowing how happy I was with the W500, I went back and borrowed the W300 from my colleague. Yes, I promise you will get it back… just let me see how well it works next to the W500.

Honestly I was surprised… while it is definitely faster, I didn’t feel like I was getting out of a Ferrari and into a Trabant… more like I was getting out of a Toyota Camry and into a Corolla.  Yes, the Camry is faster… but the Corolla is very close.  I spent a day working on it before giving it back, and when I went back to the W500 I was not at all disappointed by the very minor speed difference… I am happy to make the allowance for the security…

…and that is not to say that the W300 is not secure… it fully supports BitLocker drive encryption, which is absolutely solid and more than most people would need in an encryption layer. 

Both devices are the same size by the way… 81mm x 21mm – that is to say, about 3.2” x .9”.  They have not blocked the adjacent ports on any computer that I have tried them on.  They also (surprisingly, since Microsoft told me this would not work) both booted just fine when connected via a USB 2.0 hub.  That means that even on my Surface Pro 3 I don’t have to sacrifice my only USB port in order to use it.

In this day and age of terabyte hard drives it is hard to imagine that I could be satisfied living off a 64gb USB key… but remembering that most of my files are on-line anyways, this worked just fine for me.  What it did do was make me think do I really need this… every time I went to install another application.  I also considered disabling my Outlook Cached Mode, but then I wouldn’t have access to my e-mail off-line, so I decided to set the cache to a week instead of a month.

But what if it gets stolen?

I have said many times before that if someone steals my computer then I don’t care if they have a new device for themselves… as long as they cannot access my data.  I can always buy a new computer, but my data is not only irreplaceable, but in someone else’s hands it can be disastrous.  So the W500 has two different modes, that I call Self-Destruct and Soft-Destruct.  The default behaviour is simple… if you type the password in wrong ten times, the key self-destructs.  The circuits inside the key fry.  By the way, that is also what happens if someone tries to pry the device open (and Ironkey has made that extremely unlikely).  Soft-destruct is less… terminal.  After 10 wrong password attempts it wipes your device back to clean… I tried this before, and that is exactly what happened.  I was able to rebuild it as a new key, but there was no data left on it… not even traces.


If you need a solid and reliable device for Windows to Go, then there is nothing to think about… this is the only device for you.  Oh and if you are running an IT department and concerned that deploying dozens or more of these keys will be cumbersome, rest assured that Ironkey will provide you with the tools to deploy as many at a time as you have USB ports.  They also have a great tool for managing the hardware… if you want more information I’ll introduce you to them.

If you are worried (dare I say… paranoid?) about security, then this is also the device for you.  Whether you want to use it as an individual, or centrally manage hundreds or thousands for your organization, you will not be disappointed.

I definitely give the device two big thumbs up.  By the way, the majority of this article was written on a patio in Burlington, Ontario… with a cigar lit, and my Surface Pro 3 running my Windows To Go environment.

Thanks Ironkey!

Working From Anywhere

Over the years I have written extensively about methods of working from anywhere using various technologies including Remote Desktop, Virtual Desktop, Remote Apps, Virtual Apps, and Windows To Go.  I have been a huge advocate of many of these, both in my blog, in my professional life, and in my capacity as a community leader and trainer.  One day this week I decided to cut the cord and see if what I had really worked.

I am going to preface this article by saying that while I often write about things I have done or built for my clients, I seldom talk about who those clients are for the sake of discretion.  It will not be difficult for people to figure out what company I am currently working for, so I am going to discuss the projects and solutions in generalities, and for the sake of information security I am going to be very vague about some of what I discuss.

The project outline was simple: Build a virtual desktop infrastructure (VDI) for a conglomerate that owns over a hundred companies in over 25 countries.  Make sure it is stable and useable and all of that good stuff that will make the users want to use it, but make sure it is secure enough that IT departments of banks and governments and militaries would be proud of.  Oh, and make sure that if users are unable to get to their office computer – say, like the 2013 Toronto Flood or a tsunami or snow blizzard or sick child – that they can still do their work as if they were in the office.  No problem.

Once the infrastructure itself was built, we were pleased with it, but because of the security involved we couldn’t simply connect from anywhere; say, if I was at an Internet cafe in South America we would have to assume that the computer was compromised (virus, malware, spyware, etc…) and so as to protect the corporate data, security was added to prevent this.

Without going into the details, there is a VPN connection that needs to be established, and before that VPN application is even installed for the tunnel to be created a certificate must be installed.  These are things that you cannot do on just any computer.  Solution? Windows to Go.

I have written and spoken about Windows to Go (WTG) extensively since it was introduced in Windows 8.  It is essentially a clean installation of Windows on a USB key; I can boot any computer from the USB key, and whatever malware may exist on the local hard drive of the computer is completely out of the equation – that hard drive is offline.  So I keep a USB key in my pocket that has a clean installation of Windows 10 Enterprise (it has to be Enterprise) with all of my applications… including my VPN connection and my certificates.

One night I got to my girlfriend’s house and realized I had left my laptop bag at home.  I panicked for a minute, thinking I would have to go home to get it before going into the office.  Then I realized that I had the key in my pocket… no problem!  I decided to practice what I preach.  I wouldn’t be at an Internet cafe in some far off exotic location… I would be sitting at my desk in my office, using an old, laptop that we used for testing whatever.  It was not domain joined, it had not been scanned.  It had certainly not been customized to my needs and did not have my applications or certificates on it.

When I got into the office I picked up the laptop from the IT Department (as hard as it may be to believe, I do not work with the IT Department in my office), and went back to my desk.  I popped the USB key (an Imation W500 that will be the focus of an upcoming article) into the only USB 3.0 port, and booted it up.  After entering my credentials (the Imation W500 is a hardware-encrypted key) it booted into Windows 10, into my familiar environment, with my applications… and most importantly, with my VPN client.

One thing you might have issues with when using Windows to Go is networking; if you are going into an environment where you have to track down a Wi-Fi code then it can be tricky.  As I was sitting at my own desk, of course I know the Wi-Fi password, but I also have a wired connection.  I connected that, and then established my VPN connection.   Once I did that it was a simple URL to connect to the VDI environment… and I was working as I would from my own corporate laptop.

While I hope this never happens, if my laptop were to be stolen (or lost or destroyed) this solution means that I would not lose any productivity while waiting for a replacement device to be provisioned.  It also means that if I go away on vacation, I could log in from my personal laptop (which I would likely bring) without having to worry about bringing a corporate laptop too.

I think back to the day I logged in to my home computer from an Internet cafe in Buenos Aires when I was there in 2004 for my first wedding.  I shudder at what malware might have resided on the PC that I used then.  With the Windows to Go, VPN, Firewall, and all of the other security measures we have in place, that could not happen today.

So that evening I went back to my condo and picked up my laptop back and brought it into the office the next morning.  I decided to live without it for a few days… it will sit in a drawer waiting for a meeting that I need to go to and take notes at (the PC I am using with WTG does not have a touch screen, let alone a stylus).  In the meantime I will continue to ‘eat my own dog food’ and work with WTG.  Let’s see how long it takes before I long for my Surface Pro 3 again!

Live Writer: Not gone, just a pain in the Windows 10.

I have been blogging with Windows Live Writer for a very long time.  So when Microsoft did not see fit to install a Universal App (formerly Windows 8 app) of it, I was glad that I could simply install the same old version… and even if they were not going to upgrade it who cares, because the old version does everything I needed it to do.

So when I installed Windows 10 last week one of the things I had to do right away was, of course, install Windows Live Writer.  Aside from the fact that I have a new OS and need my familiar apps on it, a new OS release is one of the prime times you want me to be blogging, right?

Crap… Windows Live applications do not seem to be friendly with Windows 10.  Is this the end of an era?  I don’t think so.  As someone once said, where there’s a will, there’s a way.  (My friend Al Aronson used to say that where there’s a will, there’s a relative… but that’s another topic)  I started looking around… and finally I found Stefan Stranger’s article on it.

**NOTE: If you upgraded from Windows 8.1 and had Live Writer installed, you may not need to do this, and it might work without any of these hoops.  If so, carry on!

Step 1: Download the Windows Live installer from this link.  Note there are other places you can download it from, but they do not appear to work.

Step 2: From Windows PowerShell navigate to the directory where you saved your file (c:\Users\Mitch\Downloads) and run the following command command: .\wlsetup-all.exe /AppSelect:Writer /q /log:C:\temp\Writer.Log /noMU /noHomepage /noSearch

There will be several moments of… nothing.  There is only this:


However if you wait a few minutes, the application will be there… just like magic!


See that?  At the top, right under SnagIt in Recently Added.

On the one hand I am really glad that I figured out how to make this work (Thanks Stefan!).  On the other hand, I wish Microsoft would invest in upgrading some of the tools that we love, even the free ones.  Yes I know there is no money to be made from a free blogging tool, but come on… The people who use it are the people who blog about you, and we can either give you lemons or laurels.  Windows 10 overall is getting a laurel… but the fact that the Live tools (remember when you made a huge deal about these because you were taking apps out of Windows 7?) have not been upgraded in forever is a big, juicy lemon.

Windows 10–A few days in

IMAG0901By the time you read this, we will be a few days into August, which means that Windows 10 started to become available a few days ago, and chances are this is not the first piece you are reading on Microsoft’s newest OS.

Over the past few years Microsoft has been talking about a single OS for every platform. Windows X seems to be that. I don’t have an Xbox (or any other gaming console), nor do I have a Windows Phone (Sorry Cortana, I’m with Siri). However I do have four different installation types that I have installed on, and am glad to share.

Docked Tablet/laptop/desktop

Because I have so many other portable devices, I find my (personal) Surface Pro 3 stays docked more than 90% of the time. It was the first of my devices to upgrade to Windows 10, simply because it was the device that I used for my Insider builds of Windows 10 beta. It was a seamless experience, and when the Start Menu (and not the Start Screen) takes up only a bit of real estate on the giant double monitors, it was great. I played with Cortana a bit, but I have not been home enough to really give her a go.

imageFull (i7) Tablet

My corporate Surface Pro is managed by the company, and as such upgrades and patches are blocked until approved by Tokyo. However I have a bit of a cheat… more on that later.

7″ & 8″ (Atom) Tablet

If you read my blog recently you know that I have a pair of HP tablets – the Stream 7 and the Pro Tablet 408. The Stream is still waiting its turn, but on Wednesday (GA Day) I had the 408 open on my desk when it told me the upgrade was ready. The process took longer than on my other devices – wifi combined with a slower Atom CPU – but it was seamless. I glanced over at it occasionally to see that it was still going, but it was only as the clock approached Bingo Hour (the time I need to leave my office to catch a train) did I get nervous. The upgrade finished at Bingo -2 minutes though, and I was good to go.

Windows To Go

Woohoo! If you have ever heard me discuss WTG you will know I am a fan, a lot more so now that I have discovered the Imation Ironkey W500. Fast, secure, and milspec indestructible.

I will be writing a separate article on my Windows To Go experience… Believe me, I am happy with it… but mostly because I have my Ironkey USB key.  I suspect that when I try it on the other devices that I had tried I will be just as unhappy with the overall experience as I was with Windows 8.1.

What you will lose when you update

Here is where I first noticed something that irked me: All of my Windows 8 Apps (now known as Universal Apps) were there… but my legacy apps (including Microsoft Office and Live Writer) were nowhere to be found. I am sure if I went looking through my Windows.old directory they would be there, but an Upgrade is supposed to be just that.

Microsoft wants us on Universal Apps; I get it. When I worked for them they were very specific about reminding users that their corporate IT department can side-load corporate apps, and their deployment tools will already be set up for their legacy apps. Now I am Mitch Garvis, and I know a thing or two about Windows and deployment and installing. What about the 50 year old housewife who agrees to an upgrade because Windows Update recommends it, then finds out that all of her programs are gone? She probably doesn’t have a record of every program she used (many of which she bought on-line) and has now lost, if only because she forgot how or where or what.

Fortunately most of the apps I need have worked the way they need to… one exception was Windows Live Writer, but with a little help from my friends I was able to figure out how to get that to work (see article).  However let me give Microsoft one huge LEMON for not telling us that our legacy apps will be gone… and in some cases may not be recoverable.

What should I do BEFORE I install?

While Microsoft has made upgrading to Windows 10 (Windows OS X?) easier than ever, there are a few things that you should still do before upgrading.

  • Back it up!  Hello, haven’t you been listening for the last twenty years?  If you don’t want to risk losing it, take a backup of your system… just in case.
  • Make a list of the programs you have installed.  Your Modern apps on Windows 8 won’t be a problem because in the worst case you can still go to the Windows Store and see a list of the apps you have bought or installed in the past.  However anything else – the programs which weren’t installed from the Windows Store – are probably going to be gone.  You may not want to re-install some of the programs you had on your old system… but making the decision to not re-install is different from not re-installing because you forgot it was there.
  • SNAGHTMLd3023f

  • Along the same lines, before you run through that upgrade go through the list of programs and see what you might have to re-download, or at least make sure you have a license key for/ them.  Also remember that some application licenses track installations, and you might have to uninstall before being able to re-install.
  • Have your drivers handy.  If you have any known OEM brand there is probably a directory on your system with all of your drivers… c:\swsetup or something like that.  Just to be safe, and especially if you have custom drivers installed, you might want to make a copy of the directories c:\Windows\System32\Drivers and c:\Windows\System32\DriverStore.  If you forget, don’t worry… it will still exist somewhere in the c:\Windows.old directory that the upgrade will create.
  • Clean out your hard drive.  Remember, GIGO.  Remember, a good defrag never hurt anyone Smile


    What if you are still not sure?

    One of the great things about the age we live in is that we can dip our feet in the water without diving right in.  If you are unsure if you really want to upgrade your system before you get a chance to try it out, most modern systems will allow you to create a virtual machine and install an instance on your existing OS without affecting what you have.  Whether you do it with Hyper-V, VMware Player, or Oracle VirtualBox it doesn’t matter… just remember that the experience you will have will be that of a virtual machine, and you should test features and feel rather than performance. 

    When you decide that you like it, then you can go ahead and install.  Until you do, remember that what you have still works, and most of the features that are new to Windows 10 are great, but you have lived your entire life to date without them… you can go another few weeks.

    Caveat Installer

    I was hoping to spend a few hours on Tuesday upgrading my corporate tabtop (laptablet?).  However I had also hoped that a particular project would be done by then, but no such luck, I had to spend a few more days working on it.  While we keep hearing that the upgrade is a seamless process, it is not always quick… while you can continue working on your stuff as the bits download, once the actual installation starts your computer may be unusable for a couple of hours. If you have several systems available to you that might not be an issue, but since I can only connect to my corporate network from my corporate device, I decided to put this one on hold until I know that I have a few hours to relax.  (It should also be noted that I have already verified that most of my apps, most importantly my custom VPN client, will work.)

    How do I know if my program will work?

    If you are an IT Pro for a large organization, you should be installing lab environments and running compatibility tests for everything you need.  If you are an individual and are unsure if your applications or devices are compatible, there’s a site for that.  The Windows Compatibility Center allows you to type in any software package and find out.  So if you are one of those who bought Adobe Acrobat 7 and never paid for the upgrades, you can type that in to the tool and you will get this page.  Now granted, there are a few different submissions for the same package, and you can also end up with this page.  Obviously there is ambiguity, but at least you know that some people have said there are issues, so you should be careful.  If, on the other hand, you want to know about QuickBooks 2012 Pro, you will see that nobody seems to have an issue (see page).  However if you have any app or program that you are worried about and on which your productivity depends, I always recommend spinning up a virtual machine or Windows To Go key and see if it works firsthand.

    By the way, one of the areas around which compatibility has always been an issue come new OS time is printers and other devices.  We have to recognize that the device manufacturers who made your LaserJet 4000n in 2001 are the same ones making modern printers today, and while they will probably get around to releasing a driver for legacy hardware eventually, their main responsibility (and source of income) is their latest and greatest.  Once their newest drivers work on Windows 10 they will probably go back and write one for the hardware they stopped officially supporting during the Clinton Administration.

    Where is Mitch TODAY?

    I started writing this article on July 30th, one day after Windows 10 was officially released.  Because of my participation in certain programs I did have the final bits on one device a couple of weeks earlier, but it was only on the 29th that I got in line and waited like everyone else.  Here we are, a week later, and this is where I am:

    I have several devices working on Windows 10, including my personal Surface Pro, my HP Pro Tablet 408, and my work/test Lenovo T420s (docked).  Additionally, I have also created a Windows to Go (WTG) key on the T420s, which is really a combination of everything, and a computer unto itself… to prove that, in the middle of this very paragraph I saved my work, shut down the WTG on the Lenovo, plugged my USB key into my Surface Pro, and I am now working very happily in the same place on the same installation of Windows, but on a different CPU, monitor, keyboard, and mouse.  That’s pretty cool; expect an article on Windows To Go in a few days time.

    My corporate Surface Pro 3 and my personal HP Stream 7 are both still running Windows 8.1.  Why?  The reasons for each are different; the Surface Pro 3 needs my company to get a license for Windows 10 Enterprise assigned to it (which I could easily get around by using my own license, but seeing as you probably just finished reading the paragraph called Caveat Installer a few minutes ago, you will know I have other reasons as well.  The HP Stream hasn’t been upgraded yet because, like many of your computers, it is still waiting in line for the go-ahead.

    Incidentally, if you received an e-mail ostensibly from Microsoft telling you to click here to install Windows 10, do not do it.  There seems to be a new ransomware going around – what this package does is encrypts your data and doesn’t give it back to you until you pay in untraceable Bitcoins.  In other words, don’t do it… it won’t turn out well for you.


    As I walked away from my desk this morning with a couple of colleagues I said, out of the blue, that I was actually enjoying the Windows 10 experience.  There are certainly things that I am not happy with, and things I haven’t yet figured out.  However for the most part I am happy with it.  It integrates better with my Windows Account Microsoft Profile than any previous iteration of Windows, it saves my having to redo all sorts of work on each device I use, and with few exceptions all of my apps run on it.  If we assume that Microsoft spends millions of dollars trying to not repeat the mistakes of the past (notice the Start Menu is back), and learning from those mistakes, the user experience of Windows 10 should be exactly what the customer (you and me!) ordered.

    Should you upgrade? That’s up to you… as I mentioned in a previous article it is no longer my job to convince you to do so.  However if you do want to, you will probably not regret it!

  • Deal on the Stream 7!

    Over the past few months I have written a few articles about the HP Stream 7 (Stream-lining-A review of my new companion device, A Tale of Two Tablets).  So when I got this e-mail today from eBay I thought I would share it with you… in case you are interested in a 7” tablet that comes with a one year subscription to Office 365, all for $98 Canadian (About USD$80).


    If you read my second article (A Tale of Two Tablets) you will know that this device does not hold a candle to the HP Pro Tablet 408… but since that device will run you USD$400, you may consider the Stream 7 good enough.  I know I would!

    Where’s My… <Fill in the blank Admin tool>?

    If you are me you like that every few years we get a new version of Windows.  Great new features, new tools, new this, new that… and new frustrations trying to figure out where the hell all of my tools are!

    Yeah yeah I know… this is the last version of Windows we are getting as a major release; from now on it’s going to be incremental updates released as patches.  Frankly I don’t know how crazy I am about that idea, but okay I’ll live with it.  In the meantime I want to know where I go to adjust my time and date, set default programs, add devices, set up ODBC data sources, and so much more. 

    We know where those were in Windows XP, and then Windows Vista came about but nobody really used it anyways.  Three years later we got Windows 7 and they were moved, but we got used to them.

    Windows 8 came about and they were moved again… crap, now not only do we have to find them, and this time I don’t have the Start Menu to look in.  Oh wait, here comes Windows 8.1, and my Start Menu is back… but they’ve moved my tools again!  Phew, I found them… just in time for them to release Windows 10.

    So there is a hidden trick in Windows… it has been there since Windows 7 (DO NOT try it in Windows Vista… as if there was a lot of chance of that!) that allows you to place a full ‘Admin’ file on your desktop.  Do this:

    1. Right-click on your desktop and click New – Folder.
    2. Name the folder Admin.{ED7BA470-8E54-465E-825C-99712043E01C}.

    That’s it!  You now have a shortcut on your desktop called Admin (Although technically you can call it anything you want).  It will look like this:


    When you open it up it will look like this:


    Notice the scroll-bar along the side… there are dozens of categories, which are:

    • Administrative Tools
    • AutoPlay
    • Backup and Restore
    • BitLocker Drive Encryption
    • Color Management
    • Credential Manager
    • Date and Time
    • Default Programs
    • Devices and Printers
    • Display
    • Ease of Access Center
    • File Explorer Options
    • File History
    • Fonts
    • HomeGroup
    • Indexing Options
    • Internet Options
    • Keyboard
    • Language
    • Mouse
    • Network and Sharing Center
    • Pen and Touch
    • Personalization
    • Phone and Modem
    • Power Options
    • Programs and Features
    • Region
    • RemoteApp and Desktop Connections
    • Security and Maintenance
    • Sound
    • Speech Recognition
    • Storage Spaces
    • Sync Center
    • System
    • Tablet PC Settings
    • Taskbar and Navigation
    • Troubleshooting
    • User Accounts
    • Windows Defender
    • Windows Firewall
    • Windows Mobility Center
    • Work Folders

    Wow… 42 categories, and 250 items.  That’s a lot of admin tools all in one place! Smile

    So go ahead and try it… It won’t hurt, it will just be one more icon on your desktop.  Frankly if you are like me, it will allow you to remove several desktop shortcuts that you placed previously Smile


    %d bloggers like this: