Drivers? Drive Me!

By now, it is likely that I do not need to explain to you that a hardware driver is a piece of software that allows your computer (through the operating system) to communicate with a hardware component.  You know that, right?  Good.

You are ready to install a new operating system on your computer.  You do not want to perform an in-place upgrade, you really want to install it from scratch.  The question is: What drivers do you need?

I saw this question come across my Twitter feed the other day, and there were a couple of really good answers.

  • Use the Windows System Information, which can be saved to a text file; or
  • Use the driverquery command line tool.

As you know, I am a big fan of using the command line, so let’s use this one (which I already knew, but since Buck Woody (@BuckWoodyMSFT) posted it in his Twitter reply, I will credit him)

driverquery /v /fo csv >drvlist.csv

The switches:

  • /v gives you the verbose list.
  • /fo specifies the format of the list
  • csv means the formatting is Comma Separated Value
  • >driverlist.csv is the name of the file that it will save.

So when we run this on my current computer, we get an output that looks like this:

drivers

Of course, it is 385 lines long, but I am happy to share a snippet.  I opened the fine in Excel, and I formatted the titles as bold and underlined.

Of course, you may want to filter it to only RUNNING drivers, but the truth is, there are several drivers that are STOPPED that should still be reinstalled with your new operating system… I see the WacomPen driver near the bottom, and while it is stopped, I do occasionally use my stylus, at which point it will be started.

Most users do not, on a daily basis, need to know (or really care) what drivers are installed in their computer.  Everything works, they are happy.  When you are re-installing your operating system, you have several things you need to gather… a list of installed applications, but also your drivers.  By keeping this list handy, you will not be at the mercy of Plug and Play technology finding everything – including your video drivers – correctly.

(You should notice that all of your drivers are stored in the c:\WIndows\system32\drivers\ directory, so it might be a good idea to copy this directory to an external device before starting.  That directory on my computer is 106MB, so not too bad.  This includes two video drivers, which are often the largest (The two that I have are both around 7MB each))

Something else that you should remember when re-installing Windows, there are still some drivers (especially print drivers) that do not want you to simply installl the drivers; they want to install their entire application suite. If that is the case, make sure you have the installables handy.

With Windows 10 Version 1809 set to be re-released sometime soon, this might just come in handy for some of us!

Advertisements

Does Microsoft Listen?

You were all excited to upgrade your existing Windows 10 installation to the Fall 2018 update.  On October 2nd you downloaded the bits to Version 1809.  You installed it, using the same in-place upgrade process you have been using for years.  You realize that you have lost data… crucial data… a lot of it.  You hope (even as you understand the futility of it) that reverting back to the previous version (say… Version 1803) will restore your data.

It doesn’t.  You knew that it wouldn’t… but you are disappointed nonetheless.

Fortunately, you have the EaseUs Data Recovery Wizard Pro (or realize you need it badly, and you go online to buy it), and you are able to (relatively) easily recover your lost data.  You have lost a few hours of your time, and more importantly, you have learned a valuable lesson… sometimes the leading edge is going to cost you.

The truth is, mistakes happen.  As soon as Microsoft discovered this flaw in their new version, they immediately made an announcement and pulled the bits from their download site.  That doesn’t mean that people are not going to get it elsewhere, but there is only so much that a company like Microsoft can control.  Mistakes do happen, and they will learn from their mistakes, right?

Here’s the problem… Microsoft has several tiers of users for Windows 10.  Most of us are on the regular semi-annual channel.  There are users on the fast-track channel for Windows Insiders who started seeing and reporting this bug (on the Microsoft Feedback Hub, where we are supposed to report bugs in pre-release technology) months ago.  Hey, Microsoft!  When I tried to install the latest bits that you sent, it deleted my data! There have been reports like this for months, and yet it was ignored.

So what’s the point?  If Microsoft is not paying attention, why bother reporting on problems?  Microsoft is swearing up and down that they won’t do this again… but how many times have they done this before?  With earlier releases of Windows 10… Windows 8, Windows 7, Microsoft Office?  This is far from the first time… so why would believe them when they say that it will be the last time?

Liam Tung wrote a very good piece for ZDNet last week that described the issue, and how the Microsoft Feedback Hub works.  He quotes does a very good job of explaining how Feedback Hub works, and how it is likely that the “…tons of reports in Feedback about data loss on upgrade” did not get voted on or grouped together, resulting in the problem being buried.

There was a time when you had to be chosen to be a beta-tester for Windows, and you were chosen based on several factors, not the least of which was community participation.  Microsoft listened to us because they respected us.  Today, when anyone can flip a switch and become a Windows Insider (essentially a modern-day beta tester), there is no common voice, and everyone throws their comments online without looking at other comments, which means mistakes like this are going to happen.  Maybe it is time for Microsoft to admit that their communities (which they were once so supportive of) were the best line of defense they had against disastrous mistakes like this.

Of course, Microsoft is not too big on admitting they made mistakes, and the one they just admitted to is a pretty big one, so I wouldn’t hold my breath.

Windows To Go: State of Mitch’s Union

I have been writing about Windows to Go (WTG) since Windows 8 was in beta, and I have not stopped because frankly, I think it truly is an amazing tool.  I have never really gone without a WTG key, but there have been times when it has been much more important… namely, when I was working for another company.

When I was running SWMI Consulting Group I always had my personal laptop joined to my corporate domain, and it was easy to simply segregate business and pleasure by maintaining separate profiles.  Log off – Log on – all good.

When I was with Microsoft and Rakuten I always on contract; I maintained completely separate laptops for both, but I also provisioned WTG keys for both domains because frankly I got tired of carrying both laptops with me… or even having to make sure I had the right laptop with me when I left the house.

Now that I am with Cistel, I have a corporate laptop which I think I once took to a client’s site, mainly because I prefer my personal device… but I would never think of connecting my personal device to the domain at a client’s site, especially since there are Secret Clearance issues involved.  Once again, Windows to Go provided me with the perfect solution.  I always have a WTG key provisioned that is joined to the Cistel corporate domain, which I boot into whenever I am at my client’s site… or anywhere else other than my desk at Cistel, where my corporate laptop acts as a very expensive desktop computer.

KingstonThe list of USB keys that I have used for Windows to Go over the years is long and comprehensive.  I started out with the Kingston DT Ultimate and then the Super Talent RC8 (32GB), which were essentially the inexpensive ways to go.  Before I joined Rakuten someone gave me a Kingston Data Traveler (also 32GB), which I believe I used for a few weeks before giving to my assistant in Tokyo.  You get what you pay for of course… the Kingston now holds music for my car stereo, and the Super Talent went into the garbage at some point because it would not stay connected.

IronkeyThe first device that was truly a professional grade Windows to Go key that I got was the Imation IronKey Workspace.  Actually I had (and still have) two of these… the W300 is a spectacular key that is not hardware encrypted, and it still works brilliantly.  The W500 is hardware encrypted, which I thought was spectacular, and for a couple of years was why I used this one as my always provisioned Windows to Go device.   Unfortunately when Kingston bought Imation they stopped supporting it, and while they say it should still work, I have not been able to provision it with any version of Windows later than Windows 10 v1703.

Spyrus WSPThat leaves Spyrus.  I have been wracking my brain for when and where I picked up the Spyrus Worksafe Pro device, and while I think I figured it out, it doesn’t really matter… This is the device that is my current go-to Windows to Go device… and has been since earlier this year when I gave up on the IronKey W500.  The Spyrus Worksafe Pro is a spectacular device that is military-grade security, hardware encrypted, and yes… still supported.  I have had my Worksafe Pro (64GB) configured on the Cistel domain since April… so about six months.  It is solid, reliable, and it goes everywhere I need to go.  I love the fact that unlike all of the other keys mentioned, its cap is attached, so impossible to lose.  Unless something drastic changes, this is what I will be using for the foreseeable future.

Honourable Mention

ApricornThere is one more device that I have used for WTG, and I still carry it wherever I go.  The Apricorn Aegis Secure Key 3z Flash Drive is unique to this group in that it has a physical keypad, and cannot connect to anything unless that key has been entered.  Enter the key incorrectly too many times, and your key self-destructs… that is, the security certificate that decrypts your information on the key does, and the data is useless.  I got the Apricorn earlier this year, and I really do like it… it is not actually Windows to Go Certified, but it works nonetheless.  However, I decided to use it for other purposes – i.e.: as a portable storage device.  As great as it works for WTG is how great it is as portable storage.

I spoke with a representative from Apricorn earlier this year, and they told me that they did not go through the Windows to Go Certification program because it doesn’t seem there is anyone at Microsoft focusing on this anymore.  I did not reach out to Microsoft to confirm, but I do like the key, and I use it on an (almost) daily basis… just not for WTG.

Never Tried

Of the brands that were actually certified for Windows to Go by Microsoft, the only one that I never tried was the WD My Passport Enterprise.  I actually have a couple of these drives, and have never had an issue with them.  I also never thought that they would make an ideal WTG drive, simply because, for me, WTG is something I can carry in my pocket.  If I am carrying a laptop bag, I might as well carry a laptop.  Yes, I know, there are reasons… the bottom line is I never tried it.

Actuality

As I finish this piece, I am working on my Spyrus Worksafe Pro WTG key, chiefly because I am sitting at my client site waiting for them to get back to me on something.  Over the last few weeks this drive has seen a lot of action.  I found a bug in either Windows 10, the Surface Pro 4 firmware, or the key itself that has been driving me batty, and I have been working with the Spyrus engineers to see if we can fix it.  After the first ten minutes of my first call with them we figured a work-around, so I am able to continue to work.  I was worried because they were not able to reproduce the problem, and it wasn’t until Day 6 that they discovered that another member of their team is having the same problem.  Believe me, it is not an issue that I will worry about, because the workaround is a single key stroke… and frankly, it might be that last deterrent before a hacker (who has already stolen the physical key and hacked the twenty-two character complex password to get this far) would get into the environment… or, at least, to the point where he could guess my complex password to get into that environment.

Partly because of the bug, and partly because it was that time, last week I re-deployed the key with Windows 10 version 1809… and then just like that, mostly because I was working with the Spyrus engineers but also partly because Microsoft recalled version 1809, I re-deployed the key with Windows 10 version 1803.  It (the key) has been joined and un-joined and then rejoined to the Cistel corporate network more times in the last week than I care to count.  I have deployed and then redeployed all of the software that I consider necessary for the environment, including:

  • Microsoft Intune client (anti-malware, etc…)
  • Microsoft Office 365
  • Techsmith SnagIt
  • VPN software and connections
  • Google Chrome
  • My password vault management tools
  • Skype for Business
  • ZoomIt
  • BGInfo

and, of course, so that I can write these blog articles for you,

  • Open Live Writer.

One day I might look into creating a deployment environment that builds the keys for me, so that whenever a new version of Windows 10 does come out, I just have to press a few buttons… but the truth is that I don’t mind installing these applications by hand… it’s not that tough, and it is something I can usually do while doing something else.  Besides, there is no better example of the truism “The shoemaker’s children go barefoot!”

That pesky single-USB port device…

The system that I use most often for my WTG environment is my Microsoft Surface Pro 4 hybrid.  Yes, some people love it, others hate it.  I’ve been using a Surface Pro since the day it was released in 2012, and I am happy to sacrifice a few minor things for the lightweight portability and flexibility.  Unfortunately, one of those ‘minor things’ you have to give up (out of the box) is multiple USB ports… and when your only USB port is taken over by your primary hard drive (as is the case with WTG), you may find yourself in a bit of a pickle… file-1enter my friends at Juiced Systems, who make a device called a Universal USB 3.0 Media Adapter (pictured), which takes that single USB port and makes it two, plus adds both an SD Card and Micro-SD Card adapters.  Strictly speaking, I seem to recall that when Microsoft announced WTG, they said specifically that it will only be supported when connected directly to the computer, and not through a USB-hub or docking station.  Supported or not, it works, and I am happy with the performance.

What you may notice in the picture is that the Spyrus Worksafe Pro is not only connected to the media adapter, but even at that it is connected by a USB cable.  That is because the device itself is wider than most USB devices, and would otherwise prevent connecting the second USB device.  Fortunately, the 3” cable is solid and an easy workaround.

So where are we?

Windows to Go is one of the features that I thought was going to be a huge game changer for Windows when Windows 8 was released (see article).  Unfortunately, I have not seen as much adoption as I expected; in the six years since it was released, I have encountered a few, but not many, organizations that have adopted it.  The excitement and buzz that was felt in the room at MVP Nation, the event where I demonstrated it for the first time at a public event, did not convert into the masses running out to buy compatible devices and evangelizing it to their customers.

So be it.  I have, over the course of my career, backed a lot of technologies.  Some of them were home runs (Hyper-V, System Center), others… not so much (Windows Phone, Essential Business Server).  I know of a lot of features in Windows that are lesser-used, but they leave them in because… well, why not?  I hope that Windows To Go does stick around; I do not know what the worldwide adoption is, but I use it, I love it, and frankly, I rely on it.  If you use it, I would love to hear from you… how do you use it?  What do you use it for?  What device (or devices) do you use?

Have a great weekend!

BSOD Issue: Nothing to do with Windows Updates

This week many users were working on their computers and received a Blue Screen Of Death. It started happening right after a Windows Update cycle, so it stood to reason… right?

Wrong.

In this particular case, a vendor driver (I believe it was with HP) started causing issues. Not good… but not catastrophic.

Why am I writing this? Simple. If I were to draw up a list of he most important steps to take to keep your computer safe from intrusion and malware, patch management would have to be in the top two or three. No question, every time. Don’t ignore them because you don’t trust them.

Microsoft releases patches on a monthly cycle. Some of these patches are features, other types of improvements, and whatnot… and some of them are security updates. If you are not a power user, apply them, period. If you are a power user, you might want to do some sort of testing, or maybe check online forums with people who do, and then apply them. If you are a massive corporation with huge IT infrastructure, test them and then apply them.

Do you see a pattern forming here? I am not saying that you have to apply every patch… but most of us don’t know how to pick and choose, so yes! Apply every patch!

As for the bad ones… they happen. Not often mind you, but from time to time. When that happens, read the blogosphere to see how to remove them, or to avoid them.

You wouldn’t stop eating cucumbers because you got one bad cuke, would you? I didn’t think so. Apply your patches and stay safe 😉

Face Recognition Issue in Windows 10

file1Before anyone gets upset, let me be clear that there is no issue with Facial Recognition in Windows 10… at least, not that I am aware of.  It is not a security flaw; rather, it is a usability issue that I have with the functionality.

I have several computers that I use on a regular basis, and many of them have several accounts – personal, corporate, test, and so on.  Because Windows is trying to be helpful, the second I ask to log on, it looks to see if I am there… it sees me, and it logs me on to the account I did not want to use.  Ok, so I log off that account, and before I can log on to the appropriate account… It sees me and it logs me on to the other account again! Really, there seem to be a number of ways around this:

  1. Cover the camera until I enter my password for the correct account;
  2. Wear a mask (or other appropriate face covering that would likely not be sanctioned by the Gouvernement du Quebec; or
  3. Disable the Face Recognition feature.

fileFacial recognition is a great technological advancement… and if you are only using the one account, you should be fine.  If, however, you have to switch between accounts, then you may agree with me that there are better ways of implementing it.  I recommend, if the product team is interested:

Hey! It looks like we see Mitch Garvis (personal) sitting at the computer.  Would you like to log on to that account?  Say ‘Yes’ to continue.

Remember when you first set up your Windows 10?  Cortana wouldn’t stop talking about how happy she was to help you… why can’t she be helpful here? “Hey, is that really you, Mitch?  Stroke your beard to continue!” …or something equally mundane and simple.  Not “I see you, and you best not even think you can hide from me, Mitch!”

I have decided to turn the Face Recognition (that is not a mistake… Microsoft refers to it as Face, and not Facial recognition) feature off for now… at least, on the devices with 3D cameras.  It’s too bad… A lot of people may want my passwords, but nobody really wants to look like me!

1809 Recalled

It was launched on October 2nd, but word is that Windows 1809 has been recalled due to bugs. I downloaded it on Tuesday, but it is not currently available, so I have to advise all of my readers to hold off deploying it until Microsoft rereleases it.

Microsoft has a tradition of launching major releases at large events, so it was not a surprise that they announced the launch at the Microsoft Surface event in New York last week… but they also have a tradition of launching products before they are ready, which is why so many people are careful about installing immediately, and waiting for the first (or second) patch cycle seems to be the safest bet.

There was a time when I was almost always running pre-release software, but I spent too much time chasing bugs to be as productive as I need to be. I played with 1809 on my Windows to Go (WTG) keys, but I am glad I held off deploying to the main systems.

We will have another conversation about this in a few weeks, but for now I have to concede that the latest Microsoft OS offering has indeed fallen flat.

Windows 10 1809: What’s New

windows-10-logo-fontLast night I was pleased to hear that, as predicted, Windows 10 version 1809 dropped at the Microsoft Surface event in New York City.  While it may or may not be available for you via Windows Update this morning, I downloaded the ISO yesterday and went right to work.  Well, to be more specific, I skipped my lunch break and went right to it.

As I wrote earlier in the week, my first use case for the new version of Windows 10 (1809, the October 2018 Update, or Redstone 5) will be for my Windows to Go key, which stopped working with my primary device when I updated the firmware recently.  I was concerned because, in the past, you were not always able to create a Windows to Go key from an operating system running an earlier build.  Fortunately that does not seem to be the case from 1803, and I was able to get it going.

The feature that most people seem to be talking about is the dark theme for File Explorer, which is enabled using the Colors page under the Personalization section of Settings.  Okay, it is nice that we have the choice… but this is something I experimented with many years ago using third-party tools, and I decided that the default scheme is just fine by me.  I will not be making this jump.

Something that will be big for developers, especially cross-platform types, is the new option to Open Linux shell here, in the File Explorer expanded context (Shift + Right-Click).

Something I hope I remember to use, because I have often thought how useful it would be, is the Clipboard History feature.  Press Windows Key + V, and you will see what you have copied to the clipboard before.  For the security conscious among us, there is an option to Clear All in that menu, which will be useful when sharing machines.  Additionally, there is a Clipboard page in Windows Settings, where you can modify the settings for the Clipboard, including synchronizing across devices.  Cool.

There is a new Game Bar and Game Mode feature that I have heard discussed.  As someone who never plays games on his PC, I cannot address this… but I have heard that in this new mode you will not be interrupted for system maintenance such as Windows Updates.  Feel free to try it on your own 😉

I like that the Bluetooth and other devices page under Settings now displays the battery level of connected devices.  I hate when I am watching a movie on a flight (using my Bluetooth beadset) and the batteries die… this will give me warning to charge them when needed.

Also under Settings, the different networks will show Data Usage, allowing you to monitor in case you are tethered to a network such as a cellular phone.  You can also see usage per app, in case some of your background applications are using more data than you expected.

HD Color has been introduced to the Windows Settings page. For those who are video fans, this should be a nice addition.

There are a lot of new features being added to Narrator, for people who use it.  As well, SpeechInking, and Typing is being split into two pages under Settings, with Speech getting its own context page.

I will not pretend to be a big fan of the extended emojis available with Unicode 11 (there are apparently 157 new emojis, including superheroes and redheads).  As a forty-six year old man I occasionally use the 🙂 and 😦 emoticons… and I don’t concern myself with the Unicode graphics of them.

For those of us who use tablets and hybrid devices, the on-screen keyboard now includes SwiftKey intelligence, so you can swipe from letter to letter, rather than lifting your finger and tapping every key.  It learns your writing style, and will give you more accurate auto-corrections and predictions over time.

There is more to Windows 10 1809, and over the next few weeks I am sure I will address more of them in this space.  In the meantime, I invite you all to try it for yourself, whether in a virtual machine (download the ISO and create a VM), or on your production machine (either from Windows Update, or downloading the ISO and reinstalling your OS.  It will be interesting to see

A PowerShell Gotcha

powershell1_thumb.jpgI was bulk-creating users for a test environment today, and in doing so, I borrowed a script from an article online, which set the password for all users to ‘Pa$$word’  I usually use a variation on the same for test environments, but I opted to leave this one as it was.  The script worked.

A few minutes later, I went to log on as one of the newly created users, and the computer returned ‘The password is incorrect.  Try again.’

I spent a few minutes troubleshooting, until I realized… PowerShell uses the dollar sign ($) for variables.  I deleted the users, then changed the script to use a password like ‘P@ssw0rd’.  Sure enough, it worked.

The moral of the story… When using PowerShell, remember that the $ means something, and might break things if you use it for other things.

Have fun!

April Updates Bring May Frustrates

Okay, I know the grammar in my title is terrible, but I know so many people (including myself) who have had a number of frustrating issues that arose from Microsoft’s April patch cycle.  I will not go into all of them, but one in particular has been annoying me of late.

image

Okay… but this is my corporate laptop, and I don’t remember having a D Drive.  I know my C Drive is running low, but that is only as a percentage… My actual free space is still over 13GB free.  But… where did that 489MB D Drive come from?

image

Most computers running any modern version of Windows is likely going to have a hidden partition… or two.  One of them, the ESP Partition, is used by computers adhering to the Unified Extensible Firmware Interface (UEFI).  It should be around 500MB in size, and before you ask, do not think about deleting this partition… unless you are partial to non-bootable system devices.

The Recovery Partition is usually a 450MB partition that has some information that Windows would need if you decide to clean up… I leave it there because what’s the harm, right?  Until April that is…

If this partition was there in March (and September, for that matter), and nothing has written to it since, why are these Low Disk Space warnings coming up all of a sudden… and every five minutes, just to make matters more annoying?  The answer is simple… and so is the solution.  For some reason there was a  drive letter assigned to the volume all of a sudden… and yes, it has to do with one of the April patches from Microsoft.

Solution:

1) Open the Disk Partition Tool (diskpart.exe).  If your current user is not a member of the local administrators security group, you will have to provide administrative credentials.

2) Type list volume.

image

Here we see a list of partitions (volumes) on the computer.  Volume 0 is obviously my active partition… it is 237GB, the Label is OS, and the Info says Boot.

Volume 1 is my Recovery Partition… 490MB, with no Label, no Info, and the Drive Letter is D… but there is absolutely no reason for this volume to have a drive letter.  Let’s get rid of it.

3) Select the volume in question by typing Select Volume # (where # is the number of the affected volume)

4) Type Remove Letter=”X” (where X is the Drive Letter in question)

5) Type List Volume

image

The affected volume should no longer have a Drive Letter assigned… and your problem should be resolved.

6) Exit DiskPart immediately.  (Type EXIT)

**IMPORTANT NOTE: I have two things to say here:

  1. If you are not an IT Professional, you should really consult a professional before doing this yourself.  DiskPart.exe is possibly the most dangerous tool that Microsoft provides you with Windows, and should be used very carefully.
  2. If you are planning on doing this on your corporate machine, STOP RIGHT THERE!  There is a very good chance that even if you know what you are doing, and even if you have the administrator credentials needed to perform these actions, that doing so without consulting your IT Help Desk will result in a policy violation, and can be grounds for serious disciplinary actions.

If this is your personal computer, and if you are comfortable using DiskPart, this should solve your problem.  If you are concerned, you should let a professional do it for you.  However, if you are comfortable doing it yourself, this should have solved your problem.  Thanks for reading!

image

Deleting User Profiles

“How do I delete old users from a Windows 10 computer? I log in as an administrator, navigate to c:\Users\, and delete their tree.”

NO!  In fact, HELL NO!

There are several reasons why you might want to delete a user profile from a computer. ranging from termination of employment to reallocation of systems to… well, you get the picture.  There are a few of ways you can do it, but there are only a couple of ways of doing it right,

Recently I was working with a client who encountered a situation where a few of his domain users’ local profiles were corrupted on a corporate system.  I told him that the simplest way of fixing the issue was to delete the user profile, so that when the user next logged on, it would re-create the profile for them.  They called me back a few minutes later reporting that they were now receiving the following message when the affected users logged in:

We can’t sign in to your account.  This problem can often be fixed by signing out of your account then signing back in.  If you don’t sign out now, any files you create or changes you make will be lost.

Okay, that led me to believe they had simply deleted the c:\Users\%username% directory, and we had to clean up that mess in the registry (under “KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList”, delete any entries that have the .BAK extension).

Okay… now that we have learned how NOT to do it, here’s how you should do it:

1) Open Control Panel > System and Security > System in the affected machine.  The simplest way to do this in the more recent releases of Windows 10 is to click Run – sysdm.cpl.

3) In the Advanced tab of the System Properties window, in the User Profiles section, click Settings…

image

4) In the User Profiles window, click on the user you want to delete, and click Delete.

image

**NOTE: You will not be able to delete the account you are logged in as, nor the default Administrator account.

Of course, you will be asked if you are really really sure that you want to delete the account, and you can click Yes or No as you wish.

There are ways to do it in PowerShell… but they don’t seem to be very clear or very easy.  For this one time, I strongly suggest the GUI.

What is in a Name?

Recently a client asked me to build a series of virtual machines for them for a project we were working on.  No problem… I asked what they should be named, and the client told me to call them whatever sounded right.

That did not sound right… or at least, it turned out to not be right.  Indeed, the client had an approved server naming convention, and when the manager saw my virtual machines named VM1, VM2, VM3, and so on… he asked me to change them.

If we were talking about a single server, I would have logged in and done it through Server Manager.  But there were fifteen machines in play, so I opted to use Windows PowerShell from my desktop.

Rename-Computer –ComputerName “VM1.domain.com” –NewName “ClientName.domain.com” –DomainCredential domain\Mitch –Restart

The cmdlet is pretty simple, and allowed me to knock off all fifteen servers in three minutes.  All I needed was the real names… and of course my domain credentials.

The cmdlet works just as well with the –LocalCredential switch… in case you aren’t domain joined.

image

That’s it… have fun!

Offline Files: Groan!

You’ve configured Folder Redirection in Group Policy, and it works as expected… as long as you are connected to the network.  As soon as you disconnect, things stop working.  That may be a real inconvenience if you are redirecting your Photos, but if you have redirected your Desktop folder to a network share, there is as good chance that your computer will be rendered unusable… that is, until you reconnect to your local network.

We came across this issue recently at a client’s site, and we spent a few aggravating hours trying to get things working, to no avail.  Remember, this is something that I have been doing since the days of Windows 2000, and the procedures have not changed significantly in that time.  I was baffled… until I realized that we were working with a File Server Failover Cluster, and that our servers were Windows Server 2016.

There is an option in clustered Server 2016 shares that is called Enable continuous availability.  If this option is checked (as it is by default), then even if you have done everything right… even if your Offline Files are properly configured, you are going to click on a file in that properly configured folder, and in the Details tab it will be listed as Available: Online-Only.

How do we fix that?  Simple… uncheck the box.

Capture

  1. In Server Manager, expand File and Storage Services, and then click on Shares.
  2. In your list of shares, right-click on the one where you are redirecting your files and click Properties.
  3. In the Settings tab, clear the checkbox next to Enable continuous availability.
  4. Click Okay.

Incidentally, the file share will only be listed under the cluster node that is the current owner.  Don’t worry about doing it at the Cluster Level, although if you prefer to do it in Failover Cluster Manager, you can perform the following steps to achieve the same results:

Capture2

  1. Connect to the relevant failover cluster.
  2. Navigate to Roles
  3. Click on your File Server Role in the main screen.
  4. In the Details pane below, select the Shares tab.
  5. Right-click the relevant share, and click Properties.
  6. In the Settings tab, clear the checkbox next to Enable continuous availability.
  7. Click Okay.

The Properties window will be identical to the one that you saw under Server Manager.

You shouldn’t have to refresh your group policy on the client, but you may want to log off and log on to force the initial synchronization.

That’s it… Good luck!

What’s My WiFi?

A lot of changes have been made to Windows 10 over the nearly three years since its release as the last desktop operating system that Microsoft would be releasing.  Some of those changes have been substantive, others purely cosmetic.  Over the last few versions, they have done quite a bit to remove any of the Windows 7 look-and-feel to the operating system, or at least hiding it.  For those of us who have been using Windows for more than thirty years, it is often annoying that something we used to be able to do without thinking now takes a bit of a fight with the operating system in order to achieve.  As an example, it used to be pretty simple to find your WiFi password.  It is still possible in the GUI, but it is much more convoluted… and at that still requires dropping into the ‘Windows 7’ Control Panel in order to achieve.  (See below)

image

While there is not really a Windows 10 GUI way to glean the same information, there is a command line way to do it.  The command is:

netsh wlan show profile “NETWORK NAME” key=clear

This will result in the following output:

SNAGHTML1df3a914

Incidentally, this will not only work for the wireless network that you are currently connected to.  You can use the following command:

netsh wlan show profiles

to show all of the wireless networks that you have connected to, and then use the same command, like so:

image

image

(For the curious, the wireless network BELL570 no longer exists, and the password to my iPhone (which is not called Mitch’s iPhone) is not MyPassword.)

So now you see there are still ways to extract your wireless password, even if Microsoft is making it more arduous to do so.

Ironkey Fail: Time to change.

WTG keysThere is probably no good reason why I have four (4) military grade USB keys on my key ring with Windows To Go (WTG) configured on each one… but since 2015 I have written about four different devices, and I keep all of them.  Of course, they are not all always up to date… but when a new version of Windows 10 is released, I try to upgrade either some or all of them.  I skipped 1709, so I decided to take an afternoon and recreate all four keys on Windows 10 1803.

My Apricorn key worked just fine.

My Spyrus key worked just fine.

My Ironkey W300 (the one without hardware encryption) worked just fine.

My Ironkey W500 (the one with hardware encryption)… did not.

I spent a few hours trying to make it right, but to no avail.  I finally gave up (for now) deciding to come back to it later on.  And then I got an e-mail press release from Spyrus, claiming that ‘…SPYRUS Windows To Go Device Trial Pack with SEMSaaS Device Management to Replace Competitive Devices that Do Not Support Recent Windows 10 Updates’

Interesting… I decided to go through my archives and see if I would be able to create a Windows To Go installation with an earlier version of Windows.  Fortunately on one of my external hard drives I found an ISO for Windows 10 1703 Enterprise (remember that we need the Enterprise SKU for WTG!) and I spent a few minutes working on it last night.  Presto, it worked!

So the good news is: If you have an Ironkey W500 (or W700 I would think), it will still work with Windows 10 (1703 and earlier). 

The bad news is: your USB key which you spent hundreds of dollars on will only work with an operating system that will go out of support in a few months, and unless Kingston changes its policy (which seems to have been to ignore the Ironkey acquisitions and let the products die) then this is unlikely to change.

I do not know if that policy will change, or if there is something going on behind the scenes that we do not know about.  What I do know is that there is a control panel that the Ironkey toolkit installs to the install.wim file before you deploy it from the Windows To Go Control Panel, and that control panel does not seem to be compatible with Windows 10 versions later than 1703.

And so, I hate to do this, but I have to revise my previous statements.  I will give the Spyrus Workspace Pro a big thumbs up, and I will give the Apricorn Aegis Secure Key 3z a big thumbs up.  The Ironkey W500, I’m afraid, is now a do not buy

KB4103723: DO NOT APPLY!

image

Hey folks, if you know what is good for you, do not apply this patch yet.  KB4103723 protects against a CredSSP vulnerability that has not yet been compromised.  However, it will break lots of things in your system, including RDP and Hyper-V connections.  Errors will include CredSSP errors when trying to connect via RDP (or Hyper-V Manager, or Failover Cluster Manager, or SCVMM).

Remote Computer: This could be due to CredSSP encryption oracle remediation.

Good luck!