Category Archives: Windows 10

TreeSize Offers Valuable System Volume Information Insight

The JAM Software program TreeSize is a great visualization tool for examining (and pruning) Windows disks. For those disinclined to buy a full-blown copy, the TreeSize Free version (shown in this story’s screencaps) will suffice. These days, in fact, I recommend TreeSize over the older Open Source WinDirStat project. Both provide colorful, easy-to-read tree map diagrams for disk space consumption. But WinDirStat hasn’t been updated since 2016, and JAM is keeping up with TreeSize in all of its current manifestations. Certainly, there’s no disputing that TreeSize offers valuable System Volume Information Insight.

And, in fact, WinDirStat doesn’t shed much light on the contents of the System Volume Information (SVI) folder found in every NTFS volume. TreeSize, OTOH, tells you quite a bit about where the space in that folder is going and can help guide at least one easy clean-up maneuver.

In the paragraphs that follow, I’m going to follow up on my January 13  “restore point failure” story. In this story, I’ll show both before and after screenshots (in reverse order).  The lead-in graphic for this story shows what a pared-down 2.2 GB SVI folder looks like. It’s the “after” shot, taken after I turned off restore points on my production PC and instructed the System Protection control panel widget to delete all existing restore points. Why keep them if you don’t plan to use them ever again? Gone!

The next screenshot shows the “before” state for that folder. Note its size is 13.8 GB and the primary items shown are all restore points ranging from 3.1 to 2.5 GB in size. Deleting them reduced the size of this folder by 11.6 GB — a pretty substantial disk space reclamation.

TreeSize Offers Valuable System Volume Information Insight.before-restore-point-delete

Pretty much all you can see in this before SVI shot is a handful of BIG restore point files.
[Click image for full-sized view]

How TreeSize Offers Valuable System Volume Information Insight

Simply put, TreeSize makes file and folder information available for the contents of the SVI folder. Digging into the “after” display, one can mouseover any item therein. This provokes an information display a couple of seconds later. This appears as a pop-up windows that provides information including Name, Full Path, Size, Allocated, % of Parent allocated, Files (count), Last modification timestamp, Last accessed timestamp, and more. This information is quite informative and can be helpful.

In looking at the “after” shot at the head of this story, you can see that SVI includes folders for a variety of MS apps, Office.OneNote, Windows Photos, Skype, Office.Sway, and a whole bunch more. I’ve never seen this level of detail for SVI before. You can even zoom in on individual items to see what’s inside them, if you like.

IMO, TreeSize Free is a great tool for all kinds of uses. In this case, I’m glad that it confirms significant space savings thanks to turning off restore points and deleting existing saved restore points. Good stuff!


19043 aka 20H1 Early Tryout How-to

Here’s an interesting experiment for those with a spare test machine handy.  Note that this machine must run Insider Preview Beta or Release Preview Channel Build 19042.782 with KB4598291 installed. I found a handy collection of DISM commands from poster “moinmoin” at If run in an administrative Command Prompt or PowerShell session, the PC will advance to 21H1, as shown in the lead-in graphic for this story. It serves, therefore, as a 19043 aka 20H1 early tryout how-to for adventurous insiders.

Working Through 19043 aka 20H1 Early Tryout How-to

Essentially, the following sequence of commands does piecemeal what a full-blown enablement package does behind the scenes. In fact, DISM runs a series of .mum files, which are XML files that provide instructions to the Windows Update Installer for performing specific updates. Honestly, I’m not sure how “moinmoin” figured this sequence out. I’m guesssing he worked from analysis of other, earlier enablement packages. But that sequence worked on my Lenovo X380 Yoga test machine, which had been running 19042.782 for a few days.

Please, look below for the sequence of commands. Warning: Those using German versions of Windows should get them from the original post. I’ll provide instructions on how to modify the command text for other languages afterward. It’s safe to assemble, then cut’n’paste these commands one at a time in PowerShell. That’s how I “upgraded” my Lenovo test PC, in fact.

Putting DISM Commands together

In fact, all these commands start with same master prefix string. Simply append the other sub-strings and fire them off at the command line to do your thing.

That master prefix string is:

Dism /Online /Add-package:C:\Windows\servicing\Packages\

The 8 suffix strings are (do not grab the numbers and the period that follows them — they’re to help you find stuff, not for command-line use):

Even for German (and other languages) the first command above stays the same. The German version of the second command above reads

Dism /Online /Add-package:C:\Windows\servicing\Packages\microsoft-windows-product-data-21h1-ekb-package~31bf3856ad364e35~amd64~de-DE~10.0.19041.782.mum

Note that the bolded language code for German German de-DE is embedded near the end of the string. To invoke the proper files for other languages substitute your language code where it appears. For example, a French speaker in France would use fr-FR, and a French speaker in Belgium fr-BE, and so forth. This applies to elements 2-8 for all languages, and is performed using string substitution on the German language version of the commands.

Necessary Precautions Beforehand

It’s probably wise to make a backup of your test PC’s OS image before you try this sequence of commands out. Also, make sure you have a working, bootable USB flash drive from which you can restore that backup. That way, should the worst happen, and your PC get bricked by the updates, you can boot to the UFD and restore the backup without too much muss, fuss, or lost time. Just because it worked on my Lenovo X380 Yoga doesn’t mean it will also work on your test PC. Better to have the backup and restore tools and not need them, than to not have them and suffer from their absence. Enjoy!


Build 19043 Becomes Likely 21H1 Candidate

The rumors started flying yesterday, first at WindowsLatest. But I couldn’t find evidence through the data they provided to back that up in the Windows registry. Then, this morning Sergey Tkachenko at came out with some more tangible proof in the form of registry key/value names to demonstrate that 21H1 action is afoot. I’m now inclined to agree that Build 19043 becomes likely 21H1 candidate for a Spring release.

Strong Hints Mean Build 19043 Becomes Likely 21H1 Candidate

In his story, Tkachenko proposes a string value  of Microsoft-UpdateTargeting-ClientOS vb_release_svc_prod3 10.0.19043.782 for an ultimate value of the Microsoft-Windows-21h1Enablement key. Just for grins, I searched on that value, and found nothing like it in either of my Release Preview (Build 19042.782) test machines.

Careful reading of his post leads me to  this analysis. Because 19041 became 20H1 and 19042 20H2, he’s guessing that 19043  matches up to 21H1. But so far, I’ve seen no hard evidence to support this assumption. That said, I do believe he may be right. I’ve seen nothing whatsoever to contradict equating 19043 with 21H2, either. And indeed, it is shared by many other Windows followers online.

How Much Longer Before We Know?

If you believe poster “moinmoin” at, an enablement package could appear as soon a next Patch Tuesday (February 9).  And if not then, he says, surely on or before the following Patch Tuesday (March 9).

It all depends on how this latest Release Preview update goes within the Insider Preview population that downloads and uses KB4598242. This test of the enablement package’s stability and usability, based on telemetry from its installers, could have a major impact on when 21H1 sees the light of day. If things go well, and no major issues or errors manifest, then sooner. If contrariwise, then later. We’ll see!

[NOTE}: To get the complete details on the Registry information from the lead-in photo from this story, right-click that image and select “View Image” (Firefox). Or, use your browser’s syntax to view the image by itself. Then you can read the values on-screen. HTH.

OK, Then: It’s Settled (January 24, 2021)

Thanks to a sequence of DISM commands that German-speaking Windows wizard “moinmoin” has shared at, we now know how to “upgrade” PCs running Insider Beta or Release Preview channel build 19042.782 (or higher, presumably). I share all those details in a new article here entitled 19043 aka 20H1 Early Try-out How-to. I’d have to say this locks in the 19043/20H1 nomenclature conclusively, unless MS introduces a seismic shift in naming conventions between now and when 21H1 goes public.


Using Windows 10 Generic Keys

Sometimes, a Windows 10 PC requires a clean install. It might be because of disk failure or corruption, malware infestation, or any of a host of other good reasons. As long as Microsoft’s Activation servers (or your own KMS) recognize that PC, you needn’t worry about finding or obtaining a valid OS key. Instead, if prompted to supply a key during the install process, you can furnish a published generic key for your chosen Windows version. Using Windows 10 generic keys is perfectly OK, as long as MS already knows you have a valid license.

When Using Windows 10 Generic Keys, Use These!

You can find generic Windows 10 keys in many places with a simple search. I like the list at TenForums, because it’s simple and comprehensive. It also comes in the context of a peachy list of tutorials that explain how and when to use keys correctly. The lead-in graphic for this story is a snippet from its generic key table. That tutorial is named List of Generic Product Keys to Install Windows 10 Editions. Worth bookmarking, it tells you (or points you at) nearly everything you need to know about working with generic keys.

Note: KMS stands for Key Management Server, a Windows Server role that plays out in many enterprise or campus environments. That’s because those kinds of outfits usually work from volume licenses for Windows, and manage their own Windows keys for themselves. None of the Home editions have generic KMS keys because Home is not covered under volume Windows 10 license agreements.

What if a Generic Key Has No Valid Matching License?

You can use a generic key to install Windows even if there’s no matching license in the Microsoft Validation servers. But that installation will not activate unless you provide a valid key within 30 days of the installation date. After that, the product works only with limited features and personalization. It also warns you you’re in violation of license terms, which leaves you liable for unlicensed use of software. Those can result in potential fines and penalties if you’re found guilty of license fraud or misuse. Trust me: you don’t want to go there!



Exorcizing Zombie Adobe Flash Player Elements

Some Windows 10 users may see a Flash Info logo show up on their desktops. Don’t worry: that’s Adobe’s way of telling you the Flash Player remains active on your PC, and needs to be removed.  I wrote about Flash end-of-life (EOL) and removal techniques on December 29. That story reported the EOL date falling at year’s end. Apparently not everybody has worked through its various uninstall possibilities yet, either.  The TenForums thread “Strange Logo on Desktop” turns out to be an admonition from Adobe to make Flash Player go away. Alas, the process doesn’t work 100%. Thus, I’ll explain how one goes about exorcizing zombie Adobe Flash Player elements.

Exorcizing Zombie Adobe Flash Player Elements.flash-info-logo

Here’s what the Flash Info log looks like: a faded Flash logo with the “i” (information) element superimposed.

Several Flash Player Uninstall Options Available

Flash shows up in lots of places, apparently. Likewise, uninstalling it requires a variety of removal techniques.  Adobe’s warning for its Flash Player Uninstaller hints at this. It reads: “These instructions are NOT applicable to Flash Player included with Microsoft Edge or Internet Explorer on Windows 8 and later or with Google Chrome…” It advises those users to check out the Flash Player Help page for disabling same.

There’s also an uninstaller available via the Microsoft Update Catalog. Counter-intuitively KB4577586 is named “Update for Removal of Adobe Flash Player.” When downloading this item, be sure to grab the one that matches your current Windows version. Note: apparently, there is no such update for Windows 10 Version 20H2.

If Adobe Flash Player shows up in Programs and Features, you can use its built-in uninstall functions to get rid of it. Or you could turn to a third-party product like Revo Uninstaller to do the job instead.

Exorcizing Zombie Adobe Flash Player Elements May Require Manual Efforts

After running the afore-linked KB4577586, the original poster for the TenForums thread that prompted this story reports that the icon remained on his desktop. On top of everything else on screen, it wouldn’t get out of his way. Should that happen, one can remove the Macromed folder and its contents from these two parent folders:

1. C:\Windows\System32
2. C:\Windows\SysWOW64

Savvy readers will recognize that these folders are where Windows keeps 32-bit elements, tools and utilities for use on 32- and 64-bit systems, respectively. You may need to run a special-purpose delete utility to remove these folders or you can boot into command line recovery mode and delete them that way. Your choice. Either way, that should result in exorcizing zombie Adobe Flash elements that may still be hanging around your system. Et voila!


Simple Command Craters Windows10 PCs Immediately

It’s not often you see a warning like the one in the lead-in graphic for this story. Indeed, executing a certain string at the command line will immediately crash a Windows 10 PC and render it unbootable. Before I go into details, I’m concerned that a simple command craters Windows10 PCs immediately. (Windows 8, 8.1, and XP are also reportedly affected, but not Windows 7.) Opportunities for malicious use are mind-boggling.

[Note: the lead-in graphic comes courtesy of Sergey Tkachenko at WinAero,com. He posted the story in which it appears Friday, January 15.]

It gets worse. That same string also corrupts any targeted NTFS volume in a URL (just a portion of that string in the address bar will do it). Furthermore, it works from inside a ZIP archive, an ISO, VHD, or VHDX file, too. I’m stunned!

I actually debated myself for days on whether or not to share this info. I finally concluded that the Windows community needs to know. It might arm bad actors with new ammunition. Hopefully, that danger is offset by the increased care it should cultivate in everyone else who learns about it.

What Simple Command Craters Windows10 PCs Immediately?

The command can occur in a file reference at the command line or in PowerShell. The simplest invocation is:

cd c:\:$i30:$bitmap

That’s it. Doesn’t look like much, does it? It can address other drive letters (in which case, it will corrupt them instead). C: is particularly dangerous because it’s the default volume where Windows and all of its necessary pieces and parts reside. Once the string is entered, an error message appears. It informs you that “The file or directory is corrupted and unreadable.” Windows will attempt repairs via Chkdsk upon restart, but it will not succeed.

According to Tkachenko:

…users have figured that it is enough to paste the above ‘:$i30’ string into the browser address bar.

to crater the C: drive. Not good!

Holy Moly! How does THIS work?

This exploit is based on the NTFS $i30 index attribute, which ties into filesystem directories and contains a list of its files and subfolders, and may include deleted items as well as active ones. If you search on “$i30 index attribute” or “NTFS $i30 attribute” you’ll see it’s well-known to computer forensics professionals. It’s also a critical part of the MFT (Master File Table) structures for NTFS. Nobody yet knows or understands why referencing it in a command, URL, or archived file structure is damaging.

According to Tkachenko, the security researcher who found this gotcha says:

I have no idea why it corrupts stuff and it would be a lot of work to find out because the reg key that should BSOD on corruption does not work. So, I’ll leave it to the people with the source code…

MS knows about this now and is reportedly working on a fix. This one should be a doozy, and should get fixed as quickly as they can manage it. In the meantime, watch out!

Do NOT try this at home (or at work, or anywhere else, either). If you simply have to try it, do it in a throwaway VM. Otherwise, cleanup will take time and effort, even if it’s just to restore a backup. As the man said “You have been warned.”



WIMVP 2021 Renewal Granted

Dear Readers: I’m pleased and proud to report some good news via email from the Insider MVP Program on Friday, January 15th. My WIMVP 2021 renewal granted, I’m good for another year of participation in this interesting and outstanding program. The lead-in graphic for this story, in fact, is the header and part of the first paragraph from that e-mail.

WIMVP 2021 Renewal Granted.WIMVP-page

Here’s a snippet from my official WIMVP listing on the WIMVP website.

When WIMVP 2021 Renewal Granted, Then What?

In one sense, re-upping in the program just means more of the same:

  • keeping up with Insider Previews, and providing feedback whenever possible
  • writing and researching Windows 10 topics
  • following the traffic at TenForums
  • posting at least 5 times a week about Windows stuff
  • writing articles for ComputerWorld and other publications on Windows news, topics, tips and techniques

From a different perspective, it’s an active community of Windows experts and aficionados. There’s an in-house MS component through Michelle Paison and the whole Windows Insider team. There’s an out-of-house component — the WIMVPs themselves — scattered around the globe keeping up with Windows tools and technologies, and providing early, frequent and informed feedback to the in-house folks. We also have frequent meetings, to talk about Windows 10 topics, and to hear from various product development teams within MS. I count 89 named WIMVPs on the listings pages, which makes me feel lucky, and even more honored, to be found worthy to rank among them.

Becoming a WIMVP

One becomes an WIMVP through a nomination process, followed by an application process. Even previous WIMVPs (like me) must re-apply every year. That means documenting one’s contributions to the Windows community. In my case I get hits from my online content for the past year, report on TenForums activity and status, and report on presentations and other Windows related activity and involvement.

The WIMVP nomination form is not currently available because the program just switched to put all members on the same annual calendar. They used to re-up 1/4 of the population each quarter, but now they start accepting nominations in early October each year, and WIMVPs wishing to continue in the program must submit their applications by mid-November. I plan to keep participating as long as they’ll have me. It’s not only a great community, it’s a joy to take part!



Restoring Missing 21292 N&I Taskbar Item

Here’s an interesting learning adventure. Upon introducing Windows 10 Build 21286, MS also introduced a News and Interests (N&I) taskbar item. I covered this topic on January 8. But after upgrading my Lenovo X220 Tablet to a newer Dev Channel release, N&I disappeared. Remembering a related story, I followed its activation advice. And that, dear readers, is how I found myself restoring missing 21292 N&I taskbar item a few minutes ago. Here’s the deal…

Going About Restoring Missing 21292 N&I Taskbar Item

Restoring or activating N&I requires the third-party ViVe tool. Helpfully, it can enable or disable Windows 10 A/B and hidden features. Download ViVe from Github, where the latest release is v0.2.1. For myself, I just observed that v0.2.0 also works. That’s because  I just used it successfully on my X220T, not yet realizing a newer release is available.

After you download the ZIP file, extract it into a folder. Next, run an administrative cmd or PowerShell session from that folder. Then, execute the following sequence of commands:

vivetool addconfig 29947361 2
vivetool addconfig 27833282 2
vivetool addconfig 27368843 2
vivetool addconfig 28247353 2
vivetool addconfig 27371092 2
vivetool addconfig 27371152 2
vivetool addconfig 30803283 2
vivetool addconfig 30213886 2

Note: If using PowerShell, prepend the string “.\” before each command or it won’t work.

Cut’n’paste these commands into the window. Please execute each one individually. Next, you’ll need to restart your PC. Voila! The N&I item reappears in the Taskbar. At least, it did on my X220T PC.

8 Commands Too Much? Try Some Batch Files

OTOH, if you prefer, WinAero offers a ZIP file in its story. It  activates all necessary settings from one batch file, and deactivates them from another.

And remember, N&I only appears in Build 21286 or higher-numbered Dev Channel Insider Preview releases at the moment.

More About the ViVe Developers

Note: the authors of ViVe are Rafael Rivera and somebody named Lucas/thebookisclosed/albacore. Both are active Windows developers and toolsmiths. Rivera is also an occasional contributor to (which is where I first came across him and his work). The other person is also the author of the excellent Managed Disk Cleanup utility, also available on GitHub.


MTPW Data Recovery Works Eventually

This is not a dig at the Data Recovery Tool in  MiniTool Partition Wizard (MTPW). When I entitled this item MTPW Data Recovery works eventually, I only meant to observe that it takes FOREVER to recover the contents of a damaged or corrupted drive.

I just learned this the hard way, when something corrupted both drives in my Wavlink ST334U dual drive dock. One of the two drives involved was a Toshiba 8TB unit with approximately 4 TB worth of production PC backups. Thus, I really wanted to recover some — but not all, at north of 100GB per image — of those files. The lead-in screencap for this story shows Data Recovery scanning to recover the contents of the other drive. It’s a mostly disposable 500GB unit that incorporates two Samsung EVO m.2 SSDs into a pseudo-array on a Syba SATA adapter card. Note that it plans to take 4:25 to recover 207.17 GB in 4119 files.

How Long, When MTPW Data Recovery Works Eventually?

Hmmm. Let’s see 4:25 for 207 GB means 19.787 times longer to recover 4 TB. That’s roughly 89.4 hours. Which in turn is 3 days, 17 hours, and 24 minutes. Of course, that’s way too freaking long for most ordinary people to wait for the whole thing to complete. Especially me.

Turns out that you can manipulate the left-hand menu in MTPW Data Recovery, and instruct it to recover only the files you tell it to by clicking checkboxes. And, as it turns out, by expanding listing items with a plus sign (“+”) to their left. Eventually, you get a map of what the recovery utility finds on the drive, and can pick what you like.

In my case, I liked the following:

1. About 1.5 TB worth of the most recent backups
2. About 2.5 GB worth of legal work archives
3. About 124 GB worth of info snapshotted from a now-retired E: drive

Thus, of the 4-plus TB worth of holdings on that 8 TB drive, I decided to recover under 1.7 TB. How long did this take? Somewhere in the neighborhood of 30 hours. Long enough that, when I copied the recovered files from the 4 TB HGST drive I pressed into service to receive them back to their original home, that process took 2:43:00.

What About the Other Drive?

I let Data Recovery scan for about an hour, then checked over the drive’s contents. It’s always been a scratch drive, so I was able to confirm there was nothing on that drive I couldn’t live without. So, I quit out of Data Recovery and MTPW. Next, I opened Disk Management, where the drive showed up as RAW at full capacity with an E: letter assignment. I changed it back to its original M: assignment to produce this screencap:

With the right drive letter in place, I can recreate the drive.
[Click image for full-sized view.]

Next, I right-clicked on its box, and then selected “Format” from the pop-up menu. I named it Syba.5 (Syba dual SSD adapter with 0.5 TB of storage space, give or take). The formatting operation took a surprisingly long time to finish (almost a minute) with the following result:

Even on a Quick Format, it took almost a minute for this drive to format.
[Click image for full-sized view.]

OK, then. I guess I’m back in business. Now if I can only figure out what went wrong in the first place, so I don’t do this to myself again. Sigh.


Restore Point Failure Forces Strategy Change

I run Macrium Reflect backup on my production desktop every morning at 9 AM. Hearing the big Toshiba 8TB drive chunking away reminds me it’s got things covered. I should’ve turned to that backup image immediately after a driver install yesterday. A new Realtek Universal Audio Driver (UAD) was expected out of that update. But I wound up with a Realtek HD Audio driver instead. Because I decided to try a restore point made just before that driver install, I bought trouble as well. And that’s why I say: Restore Point failure forces strategy change. Let me explain…

How Restore Point Failure Forces Strategy Change

Silly me. I should know better. I rely on Macrium to provide a failsafe against glitches. This includes self-inflicted wounds, like ignoring Device Manager’s warning that it couldn’t find a replacement UAD driver in the version v6.0.9045.1 pointer I picked up yesterday. Though it came from my own TenForums Realtek UAD thread, and a usually impeccable source, it didn’t work the way it should have.

Having been down the road of attempting a UAD update and winding up with an HD Audio drivers instead, I already knew the easiest way out of this spot was to roll back and start over. My mistake — which I will never repeat again — was to use a questionable but more recent Restore Point, rather than a known, good working Macrium backup image (an .mrimg file). When it failed, I found myself turning to that .mrimg file anyway.

When Failure Takes Longer Than Success…

The truly galling part of this misadventure is that it took 40 minutes for the Restore Point to fail and return control of the PC into my hands. It took just over 10 minutes to restore Macrium’s image backup file and for me to get restarted on the failed Realtek driver update (not to mention the Windows Update items for Patch Tuesday as well).

Ultimately, I did find a v6.0.9079.1 UAD driver at Station Drivers that did work as expected later. It was the easy part of the post Restore Point cleanup efforts, some of which are still underway. Ironically my big, honkin’ 8TB backup drive and the little 500GB SSD parked next to it in myWavlink dual SATA drive caddy both got hosed in the Restore Point’s wake. I’m using the Data Recovery feature in MiniTool Partition Wizard v12.3 to recover the 8TB drive’s contents now. This task has already taken 14 hrs and is 22% complete. When it’s done, the 500GB drive recovery should go MUCH faster.

What’s Next?

When the cleanup is done, I’ll be turning off restore point capture on my C: drive. I’ll also purge all the storage space that restore points currently consume (1.7 GB according to the WizTree graphic at  the head of this story). I figure if I don’t have any more restore points around to “try it and see what happens” with, I’ll be unable to repeat this recent debacle.

For the record, the item that caused the restore operation to fail was a Dropbox file. It’s ironic that something deliberately mirrored between cloud and desktop could cause such an operation to crash. Another copy is still in the cloud, safe and ready to mirror back locally when needed. Sigh.