Let’s Go: Creating a Windows to Go Hybrid Device

WindowsToGoRecently I wrote a review of the Apricorn Aegis Secure Key 3z Flash Drive, a spectacular USB key with some great security features, including a unique keypad that requires you to unlock your device before connecting it to your computer.  The same day I received a comment.  Anthony asks:

Would you be able to provide a link with the exact steps to create the Image of WTG on the USB key?

Anthony, it will be my pleasure.

Firstly, I reviewed my archives.  It seems that I have written a couple of articles on the subject.  The first one, when Windows 8 was in beta testing, showed how to do it from the command prompt… before there were GUI tools.  That article is here.

A couple of months later I wrote about doing it in Windows 8 RTM, with the GUI tools.  That article is here.

With that said, both of these articles are now over five years old, and both pertain to Windows 8.  I figure it is time to update them.  So we are going to do a couple of things here:

  1. We are going to create a new Windows to Go key ;
  2. We are going to modify the key so that we have a 15GB data partition.

I will be honest, I was going to go through the process of creating the Windows to Go key using PowerShell, but the preferred method (from Microsoft) is to use the Windows to Go creation tool.  I would rather use that.  If you want to use PowerShell, there are some articles I can point you to… but they are all a lot more complicated than they need to be.

Create Windows To Go

I have mounted the Windows ISO file (Windows 10 Build 1709)  to my E:.  My USB key is clean and virginal and ready to go.

1. Launch the Windows to Go Control Panel from the Start menu (or Cortana… just type in Windows to Go and it will come up).


2. Select the drive you want to use (only drives that are compatible will be displayed), and click Next.

In the next screen, you should have the option of Windows 10 Enterprise. 


If your screen is blank, perform the following steps:

  1. Ensure your Windows 10 Enterprise image is mounted;
  2. Click on Add search location;
  3. Navigate to the location where your .wim file is located (in my case, it is e:\sources\)
  4. Click Select Folder.

You should now see your image… and others, if the .WIM file contains different images.  Please remember, while you can select any of these, only Windows 10 Enterprise Edition will work for Windows to Go.


Click Next.

3. Now you can enable BitLocker and set a password for it.  I am not going to enable BitLocker for now, because I plan to resize my partition later.  If I did not plan on resizing, I would do it here, then click Next.


The next screen is the ‘Ready to create your Windows To Go workspace’ screen.  It will reassure you that this is not a two second process, and should take some time.  It also warns you that the process will wipe out any information on the drive.  That is why I generally like to use new keys for Windows To Go… or, you know… back my stuff up first!


When the process is complete, you will have the option to have Windows change your boot order, so that your system tries to boot from USB first.  I do not generally choose this option if creating from my desktop, simply because it is not uncommon for me to have three or more USB drives connected to some of my computers… and most of them are not bootable.  However if I am creating a key from my laptop, I do prefer it.


Okay, my Windows To Go key has been created, and I am ready to go… but not quite.

Create Data Volume

Okay… according to Windows Explorer, I have a 59.2 GB drive with 44.4 GB free space.


As I mentioned, I want to use this device as a hybrid… part Windows To Go, part portable storage.  So I am going to shrink the size of my Windows drive by 15 GB, leaving me a respectable 29.4 GB free on my WTG drive, and a 15 GB data partition.

This is one of the steps that is easier in the GUI.  I played around a little bit in PowerShell, and the following cmdlet worked:

Resize-Partition -DriveLetter “F” -Size 44.28GB

The reason I say it is easier in the GUI is simply because you can reduce by a certain amount (15GB, for example), whereas in PowerShell you have to reduce to a certain amount (44.28GB in this case).  Either way, it works… and I have 15GB of unallocated space.


We can simply create the volume in Disk Manager, but I would rather do it in PowerShell.


This shows us the number of the disk we are using. I determined it was Disk 2.  So:

New-Partition -DiskNumber 2 -UseMaximumSize –AssignDriveLetter

My new partition needs to be formatted, and I trust I don’t need to show you how to do that.

What’s Left?

Now that I have my hybrid key created, I want to remember to enable BitLocker on both partitions.  I want to set a strong password on both drives.  Remember, by definition, this is a portable device, and even though I may be using an Apricorn key with a numeric key code, I remember that Defense-In-Depth is how I sleep sound at night.


So… that’s it!  I know this article is a hybrid of GUI and PowerShell and such, but then… the word hybrid is right there in the title!  I hope it has helped, and that you will be able to go forward and create your own Windows To Go hybrid devices!


USB and Windows to Go: Key in!

I have written in the past about several different Windows to Go (WTG) key options, and have leaned heavily toward the ones with Military Grade Security (MilSec).  They are all good, they all do just about the same thing.  Of course, there are differences with deployment methodology, as well as the tools that support them, but in the end, you plug a key in, you boot from it, you have Windows.

Recently I was introduced to a key that sets itself apart, and it is obvious from the first glance.  Just open the box of the Aegis Secure Key 3z Flash Drive from Apricorn Inc., and the first thing you will notice is that its top is covered with a numeric keypad, along with three lights.  The polymer-coated wear-resistant onboard keypad allows you to unlock your device with a numeric passcode before using it.  Wow.  This really does change things!

ApricornI had the opportunity to speak with Craig Christensen of Apricorn Inc. recently, and we discussed several of the features, as well as use cases, for the Aegis Secure Key 3z .  Some of the scenarios were obvious, but others really made a lot of sense.

It should be know that this key, available in sizes from 8GB to 128GB, was not designed special for Windows to Go.  In fact, according to Mr. Christensen, the vast majority of their users do not use WTG, and in fact the majority of customers who run a bootable operating system off the key are in fact using Linux.  Indeed, most of their customers are using the keys to store… well, data.

What sort of data?  Well, that would depend on the customer.  But with penetration into governments, military and defense contractors, aviation, banking, and many more, it is clear that the keys are in use by many serious people and companies for whom security breaches could mean more than a simple loss of competitive advantage.  Intellectual Property is certainly important to manufacturers, but when it comes to other sectors, the stakes get much higher indeed.

So let’s enumerate some of the unique benefits that these keys have over their competitors:

  • Separate administrator and user mode passcodes. as well as possible read-only passwords
  • Programmable individual key codes that can be unique to an individual, granting user-level access
  • Data recovery PINs in the event a PIN is forgotten… or in the event a user leaves the company on bad terms
  • Brute-force defense, wiping the device clean after a set number of wrong attempts
  • Unattended auto-lock automatically locks the device if not accessed for a pre-determined length of time
  • Self-destruct PINs allow a user under duress to enter a code that immediately and irretrievably wipes the device clean
  • Meets FIPS 140-2 Level 3 standards for IT and computer security
  • IP57 Certification means the device is tough, resilient, and hard to kill.  With its rugged, extruded aluminum crush-resistant casing, the Aegis Secure Key is tamper evident and well-protected against physical damage.

In short, this is a tough little device.

I decided to have a little bit of fun with the key this weekend.  The first thing I did was to create a WTG key.  Like my other WTG keys, I got the 64GB model, although they are available in much higher capacities.  So once Windows was installed, I was left with about 50GB of free space on the drive.  I have realized over time that unless I plan to use the key as my primary PC (I do not), that is more than plenty,  Yes, I will install Office 365 and Live Writer and SnagIt, as well as a dozen other applications I can’t live without, but I will still never need more than 35GB of that.  Possibilities…

Okay, Let’s shrink my Apricorn’s volume by 15GB.  It is now about a 45GB volume (formatted).  I then created another volume for my Data.  of course, I have both partitions Bitlocker encrypted, because Defense In Depth is important to me.  So now, the partition table on my key looks like this:


In short, I have my 350MB System volume, a 44GB Boot volume, and a 15GB data volume.  Why would I want that?  Remember when I said that the majority of customers use the Apricorn keys for data and not for Windows to Go?  Well, doing things this way, I can have the best of both worlds.  I can use the key to boot into my environment, but I can also use the 15GB MDG-Data  volume as a regular, highly encrypted and protected USB drive.

Of course, I had to test that theory.  I made sure I was able to take the key to another pre-booted installation of Windows, key in my code, plug the key in to that computer, enter my Bitlocker password, and use the key.  Yessir, it worked.  Woohoo!

So let’s see… My Apricorn key, which is rugged and not going to break, can boot into a secure Windows 10 environment; it can be used as a secure data thumb drive; it can be used as a combination of both.  Nice!

At USD$159, the 64-GB key is competitively priced.  Unlike many competitive devices, the prices are cited right on the web page, and you can even buy direct without having to set up an account and speaking with a salesperson.  If you are a company looking for volume discounts, you can also buy them from distributors such as Softchoice, TechData, Canada Computers, and many more.  For a clearer picture of where to buy from in your region, visit their Where to Buy page.

I have been working with the Apricorn drive as my primary workspace today, and there are only two very minor drawbacks that I have found:

  1. The drive does get hot.  This is no different from the other WTG keys I have discussed in the past.
  2. If your USB port loses power for a split second on reboot (most of them do), then you have to shut your computer down and unlock the key again.  However, if your USB port is persistently powered, this will not be an issue.

Whether you want it for Windows to Go, for data storage, or for a combination of both, the 256-bit AES XTS hardware-encrypted Aegis Secure Key 3z Flash Drive from Apricorn Inc. is certainly a must-have.  I know that going forward, this is a key that will always be in my pocket!

Dynamic Lock: Walk away securely.

Dynamic-LockOne of my pet peeves when walking through organizations that I consult for is seeing unlocked and unattended workstations.  I hate seeing this, knowing that anyone can sit down at their desk and do… whatever.  I know people who would sit down at these unlocked workstations, and send an e-mail to the entire organization (in the name of whoever’s workstation they was at), saying that they were buying beer, dinner, vacations, whatever.  Of course, *I* would never do that… it might be considered unethical.  But someone out there does it, and did it at a few companies I have worked at.  Funny, the behaviour seemed to stop when I left the company.  A weird coincidence, I know.

imageI have been saying for years that it would be a great feature if Microsoft could allow users to have a token – a key card or something – that would automatically lock their computers if the token were removed.  In Windows 10 Edition 1703 they have finally done it.

Dynamic Lock is a feature that is enabled in the Sign-in options, and is one of those great new features that I have not heard too many people talking about.  If you carry your smartphone around with you, and really, who doesn’t these days, then it is easy to implement and use.  Here’s how:

  1. Pair your smartphone to your desktop or laptop.  Oh, did I mention?  This will only work if both devices have Bluetooth enabled.
  2. Open Windows Settings, then select the Accounts option.
  3. On the left side of the window click Sign-in options.
  4. Click the check box under Dynamic lock.


That’s it… as simple as that.  Walk away with your phone (out of Bluetooth range), and within a minute your computer will lock down.  For those of us who are used to locking every time we walk away, this may not be an issue.  For the rest of you out there… set this up today!

Windows To Go Gotcha in Windows 10

So here’s an interesting fact about Windows To Go.  When Windows 10 first came out I was still running Windows 8.1 on my corporate desktop, and when I went to create my WTG image I couldn’t because the Windows 8.1 WTG engine did not support building Windows 10 WTG keys.  Ok, that is understandable.

Windows 10: The last operating system Microsoft will release, right?  Well my corporate laptop is on Build 1607, and when I downloaded the latest build (1703) it would not recognize it.  So my two options are:

  1. Download the earlier build and make my key based on that build; or
  2. Take the time to upgrade my laptop.

With all due respect Microsoft, if you are going to tell us that Windows 10 is the last desktop OS, don’t pull these games.  As a tech guru I understood right away what the problem was… How much time do you think the regular Joe trying to use your products would have spent on this?

Remotely Enable RDP

Like most IT Managers I manage myriad servers, most of which are both remote and virtual.  So when I configure them initially I make sure that I can manage them remotely… including in most cases the ability to connect via RDP (Remote Desktop).

But what happens if you have a server that you need to connect to, but does not have RDP enabled?  Using PowerShell it is rather simple to enable the RDP feature remotely:

Enter-PSSession -ComputerName computername.domain.com –Credential domain\username
Set-ItemProperty -Path ‘HKLM:\System\CurrentControlSet\Control\Terminal Server’-name “fDenyTSConnections” -Value 0
Enable-NetFirewallRule -DisplayGroup “Remote Desktop”
Set-ItemProperty -Path ‘HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp’ -name “UserAuthentication” -Value 1

That should get you going.  Good luck!

Hello? Nice… but is it worth the money

imageMicrosoft has, over the last few versions of the client, made it much easier to log on to Windows.  By introducing PINs, Picture Passwords, integrating logons with Microsoft Accounts they have given us a lot more freedom, while taking security quite seriously.  I honestly think it is harder to hack into someone’s personal computer today than it was five years ago – at least, when users use the new options and do not store their passwords and PINs on sticky-notes.

When Microsoft introduced Windows Hello in Windows 10 I paid very little attention to it.  Firstly, I am no longer with the company; secondly, I am no longer a Microsoft MVP, and so am not invited to share in the information ahead of time; and lastly, I was just too busy with other things… and frankly I think all of the years of living on the bleeding edge had gotten to me.  I did install Windows 10 as an early adopter… but not as a very early adopter.

Even when I did move to Windows 10, back in the summer of 2015, Windows Hello was not a feature I was going to pay much attention to.  My Surface Pro 3 was a spectacular device, and I was not planning on trading it in, or buying an external camera just so that I could be logged in by facial recognition.

What is it?

Okay, so let’s back up a little.  Windows Hello is a new feature of Windows 10 that allows you to log on to your computer simply by being in front of it… but there is enough security that it has to be you sitting in front of it.  It cannot be someone who looks a bit like you, and it cannot be someone who has a picture of you.  In order to ensure this, the feature works only with Depth Cameras.  According to Windows IT Pro Magazine:

A regular webcam will not work with Windows Hello. Windows 10 features Windows Hello, which provides new ways to authentication using biometrics including facial recognition.  Since this is essentially 3-d detection,  a camera with a specialized illuminated infrared camera is required.

These cameras are not available in most devices… in fact, according to PC Magazine, most of these cameras are simply too expensive to include in lower end laptops. (See article).

So when, several months after the release of Windows 10, I traded up to a new Surface Pro 4, I did not even remember that the feature was called Windows Hello (in the article I refer to it as “the new high-res camera logon”).  It would be another month before I actually did get around to trying it.

So what do I think?  I like it… It is easier than ever to log on.  I sit down, my computer sees me, and it says “Welcome Mitch Garvis!”

Now here’s the issue… Yes, it is cool, and yes it is easier; but I have never in my life complained about having to type in a password.  I have never complained about password complexity.  I know that when I sit down at a computer I have to type in my password.  Is that gone now that I have Windows Hello?  NO! I use several computers, and most of them do not have Depth Cameras.  I am going to have to type passwords on most of the computers I work with for the foreseeable future.

Still and all, it is a great feature.  Would I have spent the money for it?  No.  However it is a ‘nice to have’ feature of Windows 10 with the Surface Pro 4.

If you do have a compatible camera, all you have to do is open the Accounts – Sign-In Options in your settings, and click on Configure Windows Hello.  Nothing too technical about it.  Good luck!

Panic at the Windows to Go Corral…

I really like my Ironkey Windows to Go (WTG) drives.  In fact, I like them so much I carry two of them – a W300 (software encrypted with BitLocker) that is domain-joined to one of my clients’ domains, which I use full-time since my corporate laptop went for a swim, and a W500 (hardware encrypted) that I use for everything else – it is joined to my Azure Active Directory domain (garvis.ca) and has all of my critical software installed, including such tools as my file recovery tools (Windows 10: Where are my files?), but also everything I might want to use day to day.

Like any responsible computer user I change my passwords on a semi-regular basis (Passwords: Beware).  Now that Windows allows you to tie your local account to your Microsoft account it is easier for me to do, because once I change that password, it automatically changes on all of my devices… or does it?

Last week I remembered (painfully) that it does not.  A disconnected device will not change the password until it logs on to the Internet (at which point, similar to domain joined computers, it will inform you that your credentials are out of date, and it will ask you to lock your computer and then enter your new credentials).

While I use my personal Windows to Go key on a fairly regular basis, sometimes I go longer periods without doing so.  This incident tells of a ‘perfect storm’ of things going wrong to lock me out… for days.

While I use my corporate key nearly every day to work at my office, my personal key is a ‘just in case’ tool… most of the time I have my personal device with me.  Most of the time my Ironkey W500 sits in my pocket waiting for me to be somewhere that I really need my stuff… an Internet cafe, for example. In fact, as I sit here thinking about it, I might not have logged on to it since I was in Japan (and I left Japan December 1st, 2015).

The other day I needed to use it… Probably on or about January 29th, or about two months after I left Japan.  I was trying to use it to recover files I had accidentally deleted from an older computer.  I brought the computer to my office and booted up.  I got past the hardware encryption without a problem – that password I knew.  However when it came to logging on to Windows, I was stopped.  ‘Incorrect Password.’  No, that is the right password… maybe I mistyped it.  I typed it again.  Same result.  I typed it two-fingered and very slowly…. nothing doing.

Wait… I have two different accounts with the same username… I know they have different passwords.  Let’s try the other one.  ‘Incorrect Password.’ Crap… Houston, we have a problem.

By this time, I know there is something wrong.  Of course, I changed my password shortly after returning from Japan, so I wonder if that might be the issue?  Of course, there’s a problem… I don’t remember what my old password was.

By now, I have tried my password too many times, and I am locked out… and to add insult to injury, the computer I was using did not have access to the Internet.  The problem would have to be resolved elsewhere.. on a computer with access to the Internet, on which I had already used the WTG key (so that the network drivers would have been applied).

The next day I went to my other office, and plugged the W500 into my old Lenovo ThinkPad.  I was a little scared when it booted twice into the Encryption screen, but then I remembered that only one of the device’s USB ports retained power during a reboot.  I changed port, entered my password, and… It worked.  PHEW!

So what is the lesson learned?  When you change your password, remember to log on to all of your devices at least once before forgetting the old password!

Windows 10: Where are my files?

I have gotten three calls in the past month from friends asking for help.  They updated their computer to Windows 10, and all of their files are gone, just like that.

It seems that there are a couple of questions that are either misleading, hard to read, or easy to overlook… One of them says something to the effect of ‘Do you want to retain your files, or do you want to delete them all and start from scratch?’  This is one of the reasons why you should never do anything using the Next-Next-Next-Done methodology of installation, rather you should read what you are doing… and carefully.

So what do you do when you realize that all of your files are gone?  ‘Hey look!  Windows just reformatted my hard drive and it’s nice and clean!’  STOP WHAT YOU ARE DOING.

When Windows – or most any tool for that matter – reformats your hard drive, it is not actually deleting the files that were there… it is just deleting the pointers to those files.  The hard drive index – or the file allocation table – is deleted… and your hard drive looks blank.

Fortunately there are tools that know how to look for those ‘deleted’ files, and restore them.  You might have to pay for such a tool, but in the end it is probably worth it.

Now here’s the thing: the files that are ‘deleted’ are no longer protected… so if Windows tries to save a file over that file, it will be truly gone.  So the best thing to do is as follows:

  1. Shut down your computer.  Do not pass Go, do not collect $200.  Don’t check your e-mail, don’t look up movie times.  Just shut it down.
  2. Call a professional.  Yes I know, these days everyone seems to know how to use computers, and the instructions are pretty simple.  However IT Professionals usually know a few tricks that laymen do not, and your files and data are definitely worth whatever fees you will have to pay.
  3. The professional will remove your hard drive from your computer and connect it as a slave on another system; this means that Windows will not try to write to the drive while it is on.
  4. He or she will then run the data recovery tools; a deep scan can take several hours, and is usually required in the case of a formatted drive.
  5. Together with the professional you will select the files and folders that you want to recover.  Don’t worry about anything in the myriad c:\Windows and c:\Program Files directories… what you usually want is under c:\Users. 
  6. In most cases it is a good idea to recover the files to a different drive, and then copy them back to your drive when you are done.  It may take a few hours, but in most cases your files will be worth the wait.

I have a favourite tool that I use to recover my files, but there are several out there.  Your IT Pro should have something that he or she likes, and if they don’t then you are probably better off finding another IT Pro.

And remember… Next – Next – Next – Done can cost you.  Take the time to read what you are doing!

Using External Storage to Simplify Windows Installation

I have been searching for hours on how to use a SD card as a hard drive to install win10. The laptop I am trying to upgrade gives a message you need to add at least 9GB to continue.  Can I use the SD card to finish the install or will it not work?

I have gotten this question, and several like it, a lot recently.  Here is my simple answer:

I have several questions for you:

1) I assume, but want to confirm, that you are upgrading a Windows 8 laptop?

2) Are you installing from an ISO, and if so what device is that stored on?

3) How much RAM do you have, and how big is your swap file?

My first answer is NO, you cannot extend the size of the C drive using another drive, SD card or not. The %systemdrive% has to all be on a single device.

With that said:

1) If your hard drive is not big enough to install Windows 10 onto (I assume this is not the case) then you have other issues. If the drive IS big enough, and there is just extra stuff on the drive, you should use the SD Card to clean it off. Things like ISO files, and anything in c:\Users\<User>\Downloads are a big one.

2) If you are installing from an ISO, and that ISO is on your C drive, STOP THAT J

3) If you have a large swap file, reducing it for the duration of the install will help.

The Windows installer has to copy a lot of stuff to your C drive. When it is done you will have a folder on it called c:\Windows.old. You can delete that at your leisure, but remember that during the installation, the hard drive hosts:

· The original installation of Windows, plus all of the apps and software

· The installation files required to install

· The new installation of Windows 10.

On a smaller hard drive that is quite the burden! While you cannot actually install it to your SD card, or use it to store any of those, you can use it to store the things we forget we accumulate over time – documents, videos, downloads, and more.

Good luck, and let me know how it goes!

Windows 10 have VD! No, it’s not what it sounds like…

When I first got into IT after the army my boss at the time was big into Linux… which didn’t bother me at all, because I wasn’t really ‘in to’ anything.  I certainly knew Windows better than I knew Linux, but I was just happy to be there.  There was one concept that I had the hardest time understanding, and that was virtual desktops.

It didn’t come up very often, but when it did (especially at one particular customer) he would show it to me… but it took me the longest time to finally understand… we were working on the same computer, and the prompt (bash) looked the same… but when we pressed that magic key combination we were all of a sudden working in a completely segregated memory space; so if we had a process running on Desktop 1, we could port into Desktop 2 and continue working.  I really just didn’t get it.

I finally got it of course… I never really used them much beyond that though, because I left Saturnus and spent most of the next twenty years working with Microsoft technologies… and of course Microsoft did not have Virtual Desktops.

Of course they probably had a decent rationale… with Windows you did not actually need to segregate desktops because you could run multiple applications simultaneously, and just minimize the ones you weren’t using.  I suppose that made sense… but when Linux implemented a GUI and they still had virtual desktops (I specifically remember seeing a Novell implementation of it) even with the ability to minimize apps.

Well guess what… they do now!  In Windows 10 Microsoft has implemented a new technology that the Linux world has been using since at least the mid-1990s.  I can now, on the same computer (logged on as a single user) segregate what I am doing between desktops… in other words, I can have all of the applications I run for my personal use – say, blogging and Internet banking – running on a single desktop, and have all of my work applications – say, e-mail, Excel, and Hyper-V – running on a separate desktop.

This all sounds good… and I like how it works.  It took me a few minutes of playing with it to figure out how to have two instances of the same program (say, Microsoft Office Word 2013) running on separate desktops.  It does work, but it’s a bit of a workaround.

Stop talking and show us how!

Yes, I know… I am verbose.  Here’s how you do it:

To create a new virtual desktop simply click Ctrl + WinKey + D (Get it? New Desktop).  Alternately you can open the Task viewer and click the New Desktop icon in the bottom right corner (see screenshot).


Switching between desktops is also pretty simple.  From the keyboard simply hit Ctrl + Winkey + left-arrow or right-arrow. 

(I would have loved to be able to set different desktop wallpapers for each virtual desktop, but so far I haven’t figured that out).

To move a running app between virtual desktops, open the Task view, then right-click on the app you want to move. 


As you see, you will have the option to either close it or move it to another existing or new desktop. 

And so how do you have two instances of the same program open in two different virtual desktops?  Simple… open a second instance of it in the existing desktop, and then move that second window to the different virtual desktop.  You would think there would be a cleaner way…

Deja Vu…?

Okay, this is all very nice functionality… but is it really new to Windows?  If you are a regular reader of this blog you probably know a thing or two about SysInternals (https://technet.microsoft.com/en-ca/sysinternals). There has been a SysInternals tool called Desktops (https://technet.microsoft.com/en-ca/sysinternals) for several years that does exactly this.  So is it really new?  Or is it another case of Microsoft saying ‘Okay, we have this new OS… what can we add in to make it look better, without spending a lot of time coming up with something new?’  Don’t get me wrong, I like the functionality… but to call it New is kinda pushing it.  Linux (free) has had it since 1995, SysInternals (also free) since 2010… and now it’s in Windows so we should be excited.  Okay, I’ll get right on that… tomorrow.

Don’t get me wrong… I like Windows 10, and I like Virtual Desktops.  But calling them a new feature is pushing it a little.  Next thing you know they will include BGInfo and ZoomIt in Windows 10.1 and we will all be expected to jump up and down.

Windows to Go: Ironkey gets it right

Back in 2012 I spent a lot of time talking (and writing) about Windows to Go (WTG).  This was Microsoft’s newest feature that allowed you to install Windows 8 on a USB key.  In theory I loved it, in practice… well, most of the USB keys that I tried it on (the certified ones, and not just the ones that I got for free at trade shows) worked… they just didn’t work very well.  They were… flimsy is probably the right word.  I had finally built my key just right, and one day I was demonstrating it to a group in Tokyo and… it just stopped.  It turned out, after hours of troubleshooting, that the connectors were not connecting properly.  After speaking with the company (who made me follow a less-abridged version of the troubleshooting steps I had already taken) offered to replace the key for me under warranty.  A few months later we had the same conversation on the replacement device.

So when I walked into the Ironkey booth at MS Ignite in Chicago this past May, I was intrigued by two promises they made: They told me that they are  MilSpec (Military Specifications, which means they should be nearly indestructible), and they promised it was full lengths faster than the competition.  I told them that I wanted to see that for myself, and they obliged by sending me two devices: An Ironkey W300, which is a heavy-duty 64GB key, and an Ironkey W500, which is just as heavy-duty, but includes hardware encryption.

I want to start by saying that I have nothing bad to say about either device.  However there are only so many hours in a day, and if I am going to get any work done (you do realize that I have an actual day job, one where they expect me to accomplish things) I could spend a little while testing both devices, but I was only going to focus on one of them.  Since the W500 is hardware encrypted, I made that my own, and only ran some cursory tests on the W300 before handing it off to an associate.

I should mention that there was another reason that I handed the W300 off… My colleague James is a Mac user, and the hardware encryption of the W500 is not compatible with the Mac.  For that reason the W300 was perfect for him.  However let me be clear: if I hadn’t been extremely satisfied by the performance of the hardware-encrypted W500 I would have kept the W300 for myself.  Yes, there is a difference between the two; it is less of a difference than you would notice if you switched out your solid-state drive (SSD) with a 15k rpm hard drive though.  That is to say that although the actual speed tests that I ran do show a marked difference between the performance of the two, to the naked eye for what I do on a daily basis there is very little difference.

At First Glance

There are some hoops to jump through in order to create the W500 as a Windows To Go (WTG) device.  Because it is natively encrypted you have to download the Administration Toolkit from their website, so that your Windows OS can recognize and build the key.  Okay, I am willing to live with that… after all, it is still easier than taking off my shoes and emptying my pocket at the airport.  You also have to download the Customization Toolkit, which modifies the install.wim file that you are going to use to build the key.  No problem, it took a few minutes and it was done.

If you are a normal user and are willing to RTFM then the process is fairly simple.  If you are like me and figure it will just work the way you think it will work, then it might cause a bit of frustration.  However once you realize that you don’t know everything and read the instructions, things go very smoothly.

W500So here’s what I did: I unlocked the device, I modified my ISO, I put the device into Configuration Mode, I created my Windows to Go (that was the same Windows wizard I already knew), and then I put the key back into Deployment Mode.  All in all it might have taken half an hour or so.  No big deal. 

When you put the device back into Deployment Mode it asks if you want to modify your hardware so that it will boot from USB before any other device.  If you are using the same computer for both (or even just for testing) then this is a good idea.  However my primary use case for WTG is work from anywhere on any device.  Make sure you know what key allows you to select the boot device before you boot it up… on HP it’s F9.

So we were off to the races… I built the key on a Lenovo T420s that I have at the office, and it seemed so simple to just reboot that device into my WTG environment.  Ok fine.  As it was booting I got the Windows 8 logo… and then an unfamiliar screen.  I arrived at the Ironkey Pre-boot environment, prompting me for my password.  Password entered, it rebooted into Windows for me.

**Note: At this point I should mention that I started these tests on the key with Windows 8.1.  On July 29 I downloaded the ISO for Windows 10 Enterprise and rebuilt the key.  So please note that while I may say one or the other edition at any point, the experience was quite similar, so interchangeable.

My Windows 10 environment loaded up on the Lenovo very quickly, despite booting from a USB key.  While I had the option to join it to my corporate domain, I opted to configure it with my Azure Active Directory (garvis.ca) because I would be using it for both business and personal.  I did add the VPN client for my corporate domain though, because I wanted to make sure I could use the key the way I originally intended it, and the way I hope my users will use it when we deploy across the company.

So I knew what Windows to Go could do because I worked with it before; the proof of the pudding is in the tasting though, and I wanted to see how this device would really feel from the user’s perspective.

In a word… seamless.  Once you are in Windows I notice no difference between using WTG and not… and that was always my concern with the other USB environments I had previously sampled.  This key showed the potential to be more than the ‘when all else fails’ alternative… it wants to be (and can be) a first class device that its competition never could be.  It is fast, it is solid, and it is reliable (a major area of contention with previous devices, as mentioned earlier).  While I didn’t perform the drop-test while inserted in a USB port (more out of fear of damaging the computer than the USB key), I did do a drop test.  I was listening to a podcast earlier and they talked about the standard four-foot drop test.  That’s nice of course, but if you have a USB key that can’t survive 4’ then you didn’t get your money’s worth.  No, I dropped this USB key from the second floor balcony of the cigar lounge where I am currently sitting, then walked down, picked it up off the concrete floor, then came back up and booted back into it.  No problem!

Two of the other devices I had tested either came apart or just stopped working reliably after a couple of weeks in my pocket (with my keys and coins).  Ironkey’s W500 laughed at that test… not even a scratch. 

Until recently I had the key connected to my keychain.  It made for a heavier and more unwieldy keychain to be sure, but I was fine with it… and it was only when my girlfriend borrowed my car for a day that the lanyard wire connecting the key to the keychain came open and got lost.  I suppose a woman’s purse may be no match for the pairing… but the Ironkey worked fine.

So my T420s worked great, but how about switching to another device?  I plugged it into my Surface Pro 3 and booted up.  I had to install device drivers, but it worked great.  But these are two pretty modern, corporate devices that are lovingly maintained by myself and the IT department at Kobo.  What about something less… modern and well-maintained?

In my girlfriend’s living room there is a computer that I would not want to spend a lot of time working on.  She readily admits it is ready to go to the corner – although she is wrong… it just needs a new hard drive.  Until recently she used it to watch Netflix and… that’s it.  It wasn’t good for anything else, seeing as it took 20 minutes to boot.  It’s old (the Windows sticker on the bottom says Windows Vista), but it is still an HP Pavillion… it shouldn’t be too bad.  It doesn’t have USB 3.0, so I wouldn’t expect much from it.  Once I installed the device drivers onto the Ironkey W500 Windows this 10 year old laptop purred like a kitten… I mean it really worked flawlessly!  It still popped up warnings that hard drive 0:0 was dying, but that did not affect how well the device worked.  It just.. worked!

That use made me think once again of all of the possible use cases for Windows To Go… I could now go into any Internet cafe, any hotel business centre, any mother-in-law’s place in the country, any airport lounge; No matter how poorly they maintain their computers, I can boot into my own hard drive on their ragged virus-ridden hardware and still be productive.  That rocks, because I do get to those places on a surprisingly regular basis!

W300So knowing how happy I was with the W500, I went back and borrowed the W300 from my colleague. Yes, I promise you will get it back… just let me see how well it works next to the W500.

Honestly I was surprised… while it is definitely faster, I didn’t feel like I was getting out of a Ferrari and into a Trabant… more like I was getting out of a Toyota Camry and into a Corolla.  Yes, the Camry is faster… but the Corolla is very close.  I spent a day working on it before giving it back, and when I went back to the W500 I was not at all disappointed by the very minor speed difference… I am happy to make the allowance for the security…

…and that is not to say that the W300 is not secure… it fully supports BitLocker drive encryption, which is absolutely solid and more than most people would need in an encryption layer. 

Both devices are the same size by the way… 81mm x 21mm – that is to say, about 3.2” x .9”.  They have not blocked the adjacent ports on any computer that I have tried them on.  They also (surprisingly, since Microsoft told me this would not work) both booted just fine when connected via a USB 2.0 hub.  That means that even on my Surface Pro 3 I don’t have to sacrifice my only USB port in order to use it.

In this day and age of terabyte hard drives it is hard to imagine that I could be satisfied living off a 64gb USB key… but remembering that most of my files are on-line anyways, this worked just fine for me.  What it did do was make me think do I really need this… every time I went to install another application.  I also considered disabling my Outlook Cached Mode, but then I wouldn’t have access to my e-mail off-line, so I decided to set the cache to a week instead of a month.

But what if it gets stolen?

I have said many times before that if someone steals my computer then I don’t care if they have a new device for themselves… as long as they cannot access my data.  I can always buy a new computer, but my data is not only irreplaceable, but in someone else’s hands it can be disastrous.  So the W500 has two different modes, that I call Self-Destruct and Soft-Destruct.  The default behaviour is simple… if you type the password in wrong ten times, the key self-destructs.  The circuits inside the key fry.  By the way, that is also what happens if someone tries to pry the device open (and Ironkey has made that extremely unlikely).  Soft-destruct is less… terminal.  After 10 wrong password attempts it wipes your device back to clean… I tried this before, and that is exactly what happened.  I was able to rebuild it as a new key, but there was no data left on it… not even traces.


If you need a solid and reliable device for Windows to Go, then there is nothing to think about… this is the only device for you.  Oh and if you are running an IT department and concerned that deploying dozens or more of these keys will be cumbersome, rest assured that Ironkey will provide you with the tools to deploy as many at a time as you have USB ports.  They also have a great tool for managing the hardware… if you want more information I’ll introduce you to them.

If you are worried (dare I say… paranoid?) about security, then this is also the device for you.  Whether you want to use it as an individual, or centrally manage hundreds or thousands for your organization, you will not be disappointed.

I definitely give the device two big thumbs up.  By the way, the majority of this article was written on a patio in Burlington, Ontario… with a cigar lit, and my Surface Pro 3 running my Windows To Go environment.

Thanks Ironkey!

Working From Anywhere

Over the years I have written extensively about methods of working from anywhere using various technologies including Remote Desktop, Virtual Desktop, Remote Apps, Virtual Apps, and Windows To Go.  I have been a huge advocate of many of these, both in my blog, in my professional life, and in my capacity as a community leader and trainer.  One day this week I decided to cut the cord and see if what I had really worked.

I am going to preface this article by saying that while I often write about things I have done or built for my clients, I seldom talk about who those clients are for the sake of discretion.  It will not be difficult for people to figure out what company I am currently working for, so I am going to discuss the projects and solutions in generalities, and for the sake of information security I am going to be very vague about some of what I discuss.

The project outline was simple: Build a virtual desktop infrastructure (VDI) for a conglomerate that owns over a hundred companies in over 25 countries.  Make sure it is stable and useable and all of that good stuff that will make the users want to use it, but make sure it is secure enough that IT departments of banks and governments and militaries would be proud of.  Oh, and make sure that if users are unable to get to their office computer – say, like the 2013 Toronto Flood or a tsunami or snow blizzard or sick child – that they can still do their work as if they were in the office.  No problem.

Once the infrastructure itself was built, we were pleased with it, but because of the security involved we couldn’t simply connect from anywhere; say, if I was at an Internet cafe in South America we would have to assume that the computer was compromised (virus, malware, spyware, etc…) and so as to protect the corporate data, security was added to prevent this.

Without going into the details, there is a VPN connection that needs to be established, and before that VPN application is even installed for the tunnel to be created a certificate must be installed.  These are things that you cannot do on just any computer.  Solution? Windows to Go.

I have written and spoken about Windows to Go (WTG) extensively since it was introduced in Windows 8.  It is essentially a clean installation of Windows on a USB key; I can boot any computer from the USB key, and whatever malware may exist on the local hard drive of the computer is completely out of the equation – that hard drive is offline.  So I keep a USB key in my pocket that has a clean installation of Windows 10 Enterprise (it has to be Enterprise) with all of my applications… including my VPN connection and my certificates.

One night I got to my girlfriend’s house and realized I had left my laptop bag at home.  I panicked for a minute, thinking I would have to go home to get it before going into the office.  Then I realized that I had the key in my pocket… no problem!  I decided to practice what I preach.  I wouldn’t be at an Internet cafe in some far off exotic location… I would be sitting at my desk in my office, using an old, laptop that we used for testing whatever.  It was not domain joined, it had not been scanned.  It had certainly not been customized to my needs and did not have my applications or certificates on it.

When I got into the office I picked up the laptop from the IT Department (as hard as it may be to believe, I do not work with the IT Department in my office), and went back to my desk.  I popped the USB key (an Imation W500 that will be the focus of an upcoming article) into the only USB 3.0 port, and booted it up.  After entering my credentials (the Imation W500 is a hardware-encrypted key) it booted into Windows 10, into my familiar environment, with my applications… and most importantly, with my VPN client.

One thing you might have issues with when using Windows to Go is networking; if you are going into an environment where you have to track down a Wi-Fi code then it can be tricky.  As I was sitting at my own desk, of course I know the Wi-Fi password, but I also have a wired connection.  I connected that, and then established my VPN connection.   Once I did that it was a simple URL to connect to the VDI environment… and I was working as I would from my own corporate laptop.

While I hope this never happens, if my laptop were to be stolen (or lost or destroyed) this solution means that I would not lose any productivity while waiting for a replacement device to be provisioned.  It also means that if I go away on vacation, I could log in from my personal laptop (which I would likely bring) without having to worry about bringing a corporate laptop too.

I think back to the day I logged in to my home computer from an Internet cafe in Buenos Aires when I was there in 2004 for my first wedding.  I shudder at what malware might have resided on the PC that I used then.  With the Windows to Go, VPN, Firewall, and all of the other security measures we have in place, that could not happen today.

So that evening I went back to my condo and picked up my laptop back and brought it into the office the next morning.  I decided to live without it for a few days… it will sit in a drawer waiting for a meeting that I need to go to and take notes at (the PC I am using with WTG does not have a touch screen, let alone a stylus).  In the meantime I will continue to ‘eat my own dog food’ and work with WTG.  Let’s see how long it takes before I long for my Surface Pro 3 again!

Live Writer: Not gone, just a pain in the Windows 10.

I have been blogging with Windows Live Writer for a very long time.  So when Microsoft did not see fit to install a Universal App (formerly Windows 8 app) of it, I was glad that I could simply install the same old version… and even if they were not going to upgrade it who cares, because the old version does everything I needed it to do.

So when I installed Windows 10 last week one of the things I had to do right away was, of course, install Windows Live Writer.  Aside from the fact that I have a new OS and need my familiar apps on it, a new OS release is one of the prime times you want me to be blogging, right?

Crap… Windows Live applications do not seem to be friendly with Windows 10.  Is this the end of an era?  I don’t think so.  As someone once said, where there’s a will, there’s a way.  (My friend Al Aronson used to say that where there’s a will, there’s a relative… but that’s another topic)  I started looking around… and finally I found Stefan Stranger’s article on it.

**NOTE: If you upgraded from Windows 8.1 and had Live Writer installed, you may not need to do this, and it might work without any of these hoops.  If so, carry on!

Step 1: Download the Windows Live installer from this link.  Note there are other places you can download it from, but they do not appear to work.

Step 2: From Windows PowerShell navigate to the directory where you saved your file (c:\Users\Mitch\Downloads) and run the following command command: .\wlsetup-all.exe /AppSelect:Writer /q /log:C:\temp\Writer.Log /noMU /noHomepage /noSearch

There will be several moments of… nothing.  There is only this:


However if you wait a few minutes, the application will be there… just like magic!


See that?  At the top, right under SnagIt in Recently Added.

On the one hand I am really glad that I figured out how to make this work (Thanks Stefan!).  On the other hand, I wish Microsoft would invest in upgrading some of the tools that we love, even the free ones.  Yes I know there is no money to be made from a free blogging tool, but come on… The people who use it are the people who blog about you, and we can either give you lemons or laurels.  Windows 10 overall is getting a laurel… but the fact that the Live tools (remember when you made a huge deal about these because you were taking apps out of Windows 7?) have not been upgraded in forever is a big, juicy lemon.

Windows 10–A few days in

IMAG0901By the time you read this, we will be a few days into August, which means that Windows 10 started to become available a few days ago, and chances are this is not the first piece you are reading on Microsoft’s newest OS.

Over the past few years Microsoft has been talking about a single OS for every platform. Windows X seems to be that. I don’t have an Xbox (or any other gaming console), nor do I have a Windows Phone (Sorry Cortana, I’m with Siri). However I do have four different installation types that I have installed on, and am glad to share.

Docked Tablet/laptop/desktop

Because I have so many other portable devices, I find my (personal) Surface Pro 3 stays docked more than 90% of the time. It was the first of my devices to upgrade to Windows 10, simply because it was the device that I used for my Insider builds of Windows 10 beta. It was a seamless experience, and when the Start Menu (and not the Start Screen) takes up only a bit of real estate on the giant double monitors, it was great. I played with Cortana a bit, but I have not been home enough to really give her a go.

imageFull (i7) Tablet

My corporate Surface Pro is managed by the company, and as such upgrades and patches are blocked until approved by Tokyo. However I have a bit of a cheat… more on that later.

7″ & 8″ (Atom) Tablet

If you read my blog recently you know that I have a pair of HP tablets – the Stream 7 and the Pro Tablet 408. The Stream is still waiting its turn, but on Wednesday (GA Day) I had the 408 open on my desk when it told me the upgrade was ready. The process took longer than on my other devices – wifi combined with a slower Atom CPU – but it was seamless. I glanced over at it occasionally to see that it was still going, but it was only as the clock approached Bingo Hour (the time I need to leave my office to catch a train) did I get nervous. The upgrade finished at Bingo -2 minutes though, and I was good to go.

Windows To Go

Woohoo! If you have ever heard me discuss WTG you will know I am a fan, a lot more so now that I have discovered the Imation Ironkey W500. Fast, secure, and milspec indestructible.

I will be writing a separate article on my Windows To Go experience… Believe me, I am happy with it… but mostly because I have my Ironkey USB key.  I suspect that when I try it on the other devices that I had tried I will be just as unhappy with the overall experience as I was with Windows 8.1.

What you will lose when you update

Here is where I first noticed something that irked me: All of my Windows 8 Apps (now known as Universal Apps) were there… but my legacy apps (including Microsoft Office and Live Writer) were nowhere to be found. I am sure if I went looking through my Windows.old directory they would be there, but an Upgrade is supposed to be just that.

Microsoft wants us on Universal Apps; I get it. When I worked for them they were very specific about reminding users that their corporate IT department can side-load corporate apps, and their deployment tools will already be set up for their legacy apps. Now I am Mitch Garvis, and I know a thing or two about Windows and deployment and installing. What about the 50 year old housewife who agrees to an upgrade because Windows Update recommends it, then finds out that all of her programs are gone? She probably doesn’t have a record of every program she used (many of which she bought on-line) and has now lost, if only because she forgot how or where or what.

Fortunately most of the apps I need have worked the way they need to… one exception was Windows Live Writer, but with a little help from my friends I was able to figure out how to get that to work (see article).  However let me give Microsoft one huge LEMON for not telling us that our legacy apps will be gone… and in some cases may not be recoverable.

What should I do BEFORE I install?

While Microsoft has made upgrading to Windows 10 (Windows OS X?) easier than ever, there are a few things that you should still do before upgrading.

  • Back it up!  Hello, haven’t you been listening for the last twenty years?  If you don’t want to risk losing it, take a backup of your system… just in case.
  • Make a list of the programs you have installed.  Your Modern apps on Windows 8 won’t be a problem because in the worst case you can still go to the Windows Store and see a list of the apps you have bought or installed in the past.  However anything else – the programs which weren’t installed from the Windows Store – are probably going to be gone.  You may not want to re-install some of the programs you had on your old system… but making the decision to not re-install is different from not re-installing because you forgot it was there.
  • SNAGHTMLd3023f

  • Along the same lines, before you run through that upgrade go through the list of programs and see what you might have to re-download, or at least make sure you have a license key for/ them.  Also remember that some application licenses track installations, and you might have to uninstall before being able to re-install.
  • Have your drivers handy.  If you have any known OEM brand there is probably a directory on your system with all of your drivers… c:\swsetup or something like that.  Just to be safe, and especially if you have custom drivers installed, you might want to make a copy of the directories c:\Windows\System32\Drivers and c:\Windows\System32\DriverStore.  If you forget, don’t worry… it will still exist somewhere in the c:\Windows.old directory that the upgrade will create.
  • Clean out your hard drive.  Remember, GIGO.  Remember, a good defrag never hurt anyone Smile


    What if you are still not sure?

    One of the great things about the age we live in is that we can dip our feet in the water without diving right in.  If you are unsure if you really want to upgrade your system before you get a chance to try it out, most modern systems will allow you to create a virtual machine and install an instance on your existing OS without affecting what you have.  Whether you do it with Hyper-V, VMware Player, or Oracle VirtualBox it doesn’t matter… just remember that the experience you will have will be that of a virtual machine, and you should test features and feel rather than performance. 

    When you decide that you like it, then you can go ahead and install.  Until you do, remember that what you have still works, and most of the features that are new to Windows 10 are great, but you have lived your entire life to date without them… you can go another few weeks.

    Caveat Installer

    I was hoping to spend a few hours on Tuesday upgrading my corporate tabtop (laptablet?).  However I had also hoped that a particular project would be done by then, but no such luck, I had to spend a few more days working on it.  While we keep hearing that the upgrade is a seamless process, it is not always quick… while you can continue working on your stuff as the bits download, once the actual installation starts your computer may be unusable for a couple of hours. If you have several systems available to you that might not be an issue, but since I can only connect to my corporate network from my corporate device, I decided to put this one on hold until I know that I have a few hours to relax.  (It should also be noted that I have already verified that most of my apps, most importantly my custom VPN client, will work.)

    How do I know if my program will work?

    If you are an IT Pro for a large organization, you should be installing lab environments and running compatibility tests for everything you need.  If you are an individual and are unsure if your applications or devices are compatible, there’s a site for that.  The Windows Compatibility Center allows you to type in any software package and find out.  So if you are one of those who bought Adobe Acrobat 7 and never paid for the upgrades, you can type that in to the tool and you will get this page.  Now granted, there are a few different submissions for the same package, and you can also end up with this page.  Obviously there is ambiguity, but at least you know that some people have said there are issues, so you should be careful.  If, on the other hand, you want to know about QuickBooks 2012 Pro, you will see that nobody seems to have an issue (see page).  However if you have any app or program that you are worried about and on which your productivity depends, I always recommend spinning up a virtual machine or Windows To Go key and see if it works firsthand.

    By the way, one of the areas around which compatibility has always been an issue come new OS time is printers and other devices.  We have to recognize that the device manufacturers who made your LaserJet 4000n in 2001 are the same ones making modern printers today, and while they will probably get around to releasing a driver for legacy hardware eventually, their main responsibility (and source of income) is their latest and greatest.  Once their newest drivers work on Windows 10 they will probably go back and write one for the hardware they stopped officially supporting during the Clinton Administration.

    Where is Mitch TODAY?

    I started writing this article on July 30th, one day after Windows 10 was officially released.  Because of my participation in certain programs I did have the final bits on one device a couple of weeks earlier, but it was only on the 29th that I got in line and waited like everyone else.  Here we are, a week later, and this is where I am:

    I have several devices working on Windows 10, including my personal Surface Pro, my HP Pro Tablet 408, and my work/test Lenovo T420s (docked).  Additionally, I have also created a Windows to Go (WTG) key on the T420s, which is really a combination of everything, and a computer unto itself… to prove that, in the middle of this very paragraph I saved my work, shut down the WTG on the Lenovo, plugged my USB key into my Surface Pro, and I am now working very happily in the same place on the same installation of Windows, but on a different CPU, monitor, keyboard, and mouse.  That’s pretty cool; expect an article on Windows To Go in a few days time.

    My corporate Surface Pro 3 and my personal HP Stream 7 are both still running Windows 8.1.  Why?  The reasons for each are different; the Surface Pro 3 needs my company to get a license for Windows 10 Enterprise assigned to it (which I could easily get around by using my own license, but seeing as you probably just finished reading the paragraph called Caveat Installer a few minutes ago, you will know I have other reasons as well.  The HP Stream hasn’t been upgraded yet because, like many of your computers, it is still waiting in line for the go-ahead.

    Incidentally, if you received an e-mail ostensibly from Microsoft telling you to click here to install Windows 10, do not do it.  There seems to be a new ransomware going around – what this package does is encrypts your data and doesn’t give it back to you until you pay in untraceable Bitcoins.  In other words, don’t do it… it won’t turn out well for you.


    As I walked away from my desk this morning with a couple of colleagues I said, out of the blue, that I was actually enjoying the Windows 10 experience.  There are certainly things that I am not happy with, and things I haven’t yet figured out.  However for the most part I am happy with it.  It integrates better with my Windows Account Microsoft Profile than any previous iteration of Windows, it saves my having to redo all sorts of work on each device I use, and with few exceptions all of my apps run on it.  If we assume that Microsoft spends millions of dollars trying to not repeat the mistakes of the past (notice the Start Menu is back), and learning from those mistakes, the user experience of Windows 10 should be exactly what the customer (you and me!) ordered.

    Should you upgrade? That’s up to you… as I mentioned in a previous article it is no longer my job to convince you to do so.  However if you do want to, you will probably not regret it!

  • Where’s My… <Fill in the blank Admin tool>?

    If you are me you like that every few years we get a new version of Windows.  Great new features, new tools, new this, new that… and new frustrations trying to figure out where the hell all of my tools are!

    Yeah yeah I know… this is the last version of Windows we are getting as a major release; from now on it’s going to be incremental updates released as patches.  Frankly I don’t know how crazy I am about that idea, but okay I’ll live with it.  In the meantime I want to know where I go to adjust my time and date, set default programs, add devices, set up ODBC data sources, and so much more. 

    We know where those were in Windows XP, and then Windows Vista came about but nobody really used it anyways.  Three years later we got Windows 7 and they were moved, but we got used to them.

    Windows 8 came about and they were moved again… crap, now not only do we have to find them, and this time I don’t have the Start Menu to look in.  Oh wait, here comes Windows 8.1, and my Start Menu is back… but they’ve moved my tools again!  Phew, I found them… just in time for them to release Windows 10.

    So there is a hidden trick in Windows… it has been there since Windows 7 (DO NOT try it in Windows Vista… as if there was a lot of chance of that!) that allows you to place a full ‘Admin’ file on your desktop.  Do this:

    1. Right-click on your desktop and click New – Folder.
    2. Name the folder Admin.{ED7BA470-8E54-465E-825C-99712043E01C}.

    That’s it!  You now have a shortcut on your desktop called Admin (Although technically you can call it anything you want).  It will look like this:


    When you open it up it will look like this:


    Notice the scroll-bar along the side… there are dozens of categories, which are:

    • Administrative Tools
    • AutoPlay
    • Backup and Restore
    • BitLocker Drive Encryption
    • Color Management
    • Credential Manager
    • Date and Time
    • Default Programs
    • Devices and Printers
    • Display
    • Ease of Access Center
    • File Explorer Options
    • File History
    • Fonts
    • HomeGroup
    • Indexing Options
    • Internet Options
    • Keyboard
    • Language
    • Mouse
    • Network and Sharing Center
    • Pen and Touch
    • Personalization
    • Phone and Modem
    • Power Options
    • Programs and Features
    • Region
    • RemoteApp and Desktop Connections
    • Security and Maintenance
    • Sound
    • Speech Recognition
    • Storage Spaces
    • Sync Center
    • System
    • Tablet PC Settings
    • Taskbar and Navigation
    • Troubleshooting
    • User Accounts
    • Windows Defender
    • Windows Firewall
    • Windows Mobility Center
    • Work Folders

    Wow… 42 categories, and 250 items.  That’s a lot of admin tools all in one place! Smile

    So go ahead and try it… It won’t hurt, it will just be one more icon on your desktop.  Frankly if you are like me, it will allow you to remove several desktop shortcuts that you placed previously Smile