Pondering Windows Experience Pack Updates

I’m still at the point where it’s all sinking in. Thus, I read with interest at WindowsLatest this morning that “Microsoft is testing another new Windows 10 Experience Pack update.” I went to check update history on one of my Release Preview machines (the Surface Pro 3). And sure enough, I see a corresponding update to match the Experience Pack version info from Settings → System → About shown in the lead-in graphic. That’s got me pondering Windows Experience Pack updates in general, and hoping we’ll see them put to work for something more … err … substantial that screencap tweaks in the near future.

Pondering Windows Experience Pack Updates.update-history

While Pondering Windows Experience Pack Updates, I Hope for More Action

Once I learned that KB4601906 was in the picture for this change, I jumped first to the Microsoft Catalog to see if it was there. No such luck. Likewise, as is often the case, a search on KB4601906 through Google turns up lots of third-party hits, but nothing from MS itself. Clicking on the link in update history, however, is another story. That gets me to an MS Support item named January 12, 2021—KB4598242 (OS Builds 19041.746 and 19042.746). That takes me to a blurb on the wrong Knowledge Base article. A direct search for “KB4601906” at MS Support turns up … nada.

Of course, I learned what I could from WindowsLatest and other similar items from TenForums and other places. @Brink reproduces the Windows Insider blog item that finally sheds a little light on the subject. In that item, Brandon LeBlanc says

We are improving the reliability of screen snipping experience, especially with apps that access the clipboard often.

More importantly, near the end of his post, he goes on to say

…we are testing this new process out with Insiders to deliver new feature improvements to customers outside of major Windows 10 feature updates. Right now, we are starting out with a really scoped set of features and improvements. Over time, we hope to expand the scope and the frequency of releases in the future.

No News Is … No News

I get it now, and think I already understood this. MS is working with the Windows Experience Pack as a way to deliver new feature improvements without resorting to a semi-annual feature upgrade. They’re still testing and haven’t done anything serious or significant with this yet. But they will, someday. Soon, I hope. Stay tuned!

 

Facebooklinkedin
Facebooklinkedin

TreeSize Offers Valuable System Volume Information Insight

The JAM Software program TreeSize is a great visualization tool for examining (and pruning) Windows disks. For those disinclined to buy a full-blown copy, the TreeSize Free version (shown in this story’s screencaps) will suffice. These days, in fact, I recommend TreeSize over the older Open Source WinDirStat project. Both provide colorful, easy-to-read tree map diagrams for disk space consumption. But WinDirStat hasn’t been updated since 2016, and JAM is keeping up with TreeSize in all of its current manifestations. Certainly, there’s no disputing that TreeSize offers valuable System Volume Information Insight.

And, in fact, WinDirStat doesn’t shed much light on the contents of the System Volume Information (SVI) folder found in every NTFS volume. TreeSize, OTOH, tells you quite a bit about where the space in that folder is going and can help guide at least one easy clean-up maneuver.

In the paragraphs that follow, I’m going to follow up on my January 13  “restore point failure” story. In this story, I’ll show both before and after screenshots (in reverse order).  The lead-in graphic for this story shows what a pared-down 2.2 GB SVI folder looks like. It’s the “after” shot, taken after I turned off restore points on my production PC and instructed the System Protection control panel widget to delete all existing restore points. Why keep them if you don’t plan to use them ever again? Gone!

The next screenshot shows the “before” state for that folder. Note its size is 13.8 GB and the primary items shown are all restore points ranging from 3.1 to 2.5 GB in size. Deleting them reduced the size of this folder by 11.6 GB — a pretty substantial disk space reclamation.

TreeSize Offers Valuable System Volume Information Insight.before-restore-point-delete

Pretty much all you can see in this before SVI shot is a handful of BIG restore point files.
[Click image for full-sized view]

How TreeSize Offers Valuable System Volume Information Insight

Simply put, TreeSize makes file and folder information available for the contents of the SVI folder. Digging into the “after” display, one can mouseover any item therein. This provokes an information display a couple of seconds later. This appears as a pop-up windows that provides information including Name, Full Path, Size, Allocated, % of Parent allocated, Files (count), Last modification timestamp, Last accessed timestamp, and more. This information is quite informative and can be helpful.

In looking at the “after” shot at the head of this story, you can see that SVI includes folders for a variety of MS apps, Office.OneNote, Windows Photos, Skype, Office.Sway, and a whole bunch more. I’ve never seen this level of detail for SVI before. You can even zoom in on individual items to see what’s inside them, if you like.

IMO, TreeSize Free is a great tool for all kinds of uses. In this case, I’m glad that it confirms significant space savings thanks to turning off restore points and deleting existing saved restore points. Good stuff!

Facebooklinkedin
Facebooklinkedin

Using Windows 10 Generic Keys

Sometimes, a Windows 10 PC requires a clean install. It might be because of disk failure or corruption, malware infestation, or any of a host of other good reasons. As long as Microsoft’s Activation servers (or your own KMS) recognize that PC, you needn’t worry about finding or obtaining a valid OS key. Instead, if prompted to supply a key during the install process, you can furnish a published generic key for your chosen Windows version. Using Windows 10 generic keys is perfectly OK, as long as MS already knows you have a valid license.

When Using Windows 10 Generic Keys, Use These!

You can find generic Windows 10 keys in many places with a simple search. I like the list at TenForums, because it’s simple and comprehensive. It also comes in the context of a peachy list of tutorials that explain how and when to use keys correctly. The lead-in graphic for this story is a snippet from its generic key table. That tutorial is named List of Generic Product Keys to Install Windows 10 Editions. Worth bookmarking, it tells you (or points you at) nearly everything you need to know about working with generic keys.

Note: KMS stands for Key Management Server, a Windows Server role that plays out in many enterprise or campus environments. That’s because those kinds of outfits usually work from volume licenses for Windows, and manage their own Windows keys for themselves. None of the Home editions have generic KMS keys because Home is not covered under volume Windows 10 license agreements.

What if a Generic Key Has No Valid Matching License?

You can use a generic key to install Windows even if there’s no matching license in the Microsoft Validation servers. But that installation will not activate unless you provide a valid key within 30 days of the installation date. After that, the product works only with limited features and personalization. It also warns you you’re in violation of license terms, which leaves you liable for unlicensed use of software. Those can result in potential fines and penalties if you’re found guilty of license fraud or misuse. Trust me: you don’t want to go there!

 

Facebooklinkedin
Facebooklinkedin

Simple Command Craters Windows10 PCs Immediately

It’s not often you see a warning like the one in the lead-in graphic for this story. Indeed, executing a certain string at the command line will immediately crash a Windows 10 PC and render it unbootable. Before I go into details, I’m concerned that a simple command craters Windows10 PCs immediately. (Windows 8, 8.1, and XP are also reportedly affected, but not Windows 7.) Opportunities for malicious use are mind-boggling.

[Note: the lead-in graphic comes courtesy of Sergey Tkachenko at WinAero,com. He posted the story in which it appears Friday, January 15.]

It gets worse. That same string also corrupts any targeted NTFS volume in a URL (just a portion of that string in the address bar will do it). Furthermore, it works from inside a ZIP archive, an ISO, VHD, or VHDX file, too. I’m stunned!

I actually debated myself for days on whether or not to share this info. I finally concluded that the Windows community needs to know. It might arm bad actors with new ammunition. Hopefully, that danger is offset by the increased care it should cultivate in everyone else who learns about it.

What Simple Command Craters Windows10 PCs Immediately?

The command can occur in a file reference at the command line or in PowerShell. The simplest invocation is:

cd c:\:$i30:$bitmap

That’s it. Doesn’t look like much, does it? It can address other drive letters (in which case, it will corrupt them instead). C: is particularly dangerous because it’s the default volume where Windows and all of its necessary pieces and parts reside. Once the string is entered, an error message appears. It informs you that “The file or directory is corrupted and unreadable.” Windows will attempt repairs via Chkdsk upon restart, but it will not succeed.

According to Tkachenko:

…users have figured that it is enough to paste the above ‘:$i30’ string into the browser address bar.

to crater the C: drive. Not good!

Holy Moly! How does THIS work?

This exploit is based on the NTFS $i30 index attribute, which ties into filesystem directories and contains a list of its files and subfolders, and may include deleted items as well as active ones. If you search on “$i30 index attribute” or “NTFS $i30 attribute” you’ll see it’s well-known to computer forensics professionals. It’s also a critical part of the MFT (Master File Table) structures for NTFS. Nobody yet knows or understands why referencing it in a command, URL, or archived file structure is damaging.

According to Tkachenko, the security researcher who found this gotcha says:

I have no idea why it corrupts stuff and it would be a lot of work to find out because the reg key that should BSOD on corruption does not work. So, I’ll leave it to the people with the source code…

MS knows about this now and is reportedly working on a fix. This one should be a doozy, and should get fixed as quickly as they can manage it. In the meantime, watch out!

Do NOT try this at home (or at work, or anywhere else, either). If you simply have to try it, do it in a throwaway VM. Otherwise, cleanup will take time and effort, even if it’s just to restore a backup. As the man said “You have been warned.”

 

Facebooklinkedin
Facebooklinkedin

WIMVP 2021 Renewal Granted

Dear Readers: I’m pleased and proud to report some good news via email from the Insider MVP Program on Friday, January 15th. My WIMVP 2021 renewal granted, I’m good for another year of participation in this interesting and outstanding program. The lead-in graphic for this story, in fact, is the header and part of the first paragraph from that e-mail.

WIMVP 2021 Renewal Granted.WIMVP-page

Here’s a snippet from my official WIMVP listing on the WIMVP website.

When WIMVP 2021 Renewal Granted, Then What?

In one sense, re-upping in the program just means more of the same:

  • keeping up with Insider Previews, and providing feedback whenever possible
  • writing and researching Windows 10 topics
  • following the traffic at TenForums
  • posting at least 5 times a week about Windows stuff
  • writing articles for ComputerWorld and other publications on Windows news, topics, tips and techniques

From a different perspective, it’s an active community of Windows experts and aficionados. There’s an in-house MS component through Michelle Paison and the whole Windows Insider team. There’s an out-of-house component — the WIMVPs themselves — scattered around the globe keeping up with Windows tools and technologies, and providing early, frequent and informed feedback to the in-house folks. We also have frequent meetings, to talk about Windows 10 topics, and to hear from various product development teams within MS. I count 89 named WIMVPs on the listings pages, which makes me feel lucky, and even more honored, to be found worthy to rank among them.

Becoming a WIMVP

One becomes an WIMVP through a nomination process, followed by an application process. Even previous WIMVPs (like me) must re-apply every year. That means documenting one’s contributions to the Windows community. In my case I get hits from my online content for the past year, report on TenForums activity and status, and report on presentations and other Windows related activity and involvement.

The WIMVP nomination form is not currently available because the program just switched to put all members on the same annual calendar. They used to re-up 1/4 of the population each quarter, but now they start accepting nominations in early October each year, and WIMVPs wishing to continue in the program must submit their applications by mid-November. I plan to keep participating as long as they’ll have me. It’s not only a great community, it’s a joy to take part!

 

Facebooklinkedin
Facebooklinkedin

Restore Point Failure Forces Strategy Change

I run Macrium Reflect backup on my production desktop every morning at 9 AM. Hearing the big Toshiba 8TB drive chunking away reminds me it’s got things covered. I should’ve turned to that backup image immediately after a driver install yesterday. A new Realtek Universal Audio Driver (UAD) was expected out of that update. But I wound up with a Realtek HD Audio driver instead. Because I decided to try a restore point made just before that driver install, I bought trouble as well. And that’s why I say: Restore Point failure forces strategy change. Let me explain…

How Restore Point Failure Forces Strategy Change

Silly me. I should know better. I rely on Macrium to provide a failsafe against glitches. This includes self-inflicted wounds, like ignoring Device Manager’s warning that it couldn’t find a replacement UAD driver in the version v6.0.9045.1 pointer I picked up yesterday. Though it came from my own TenForums Realtek UAD thread, and a usually impeccable source, it didn’t work the way it should have.

Having been down the road of attempting a UAD update and winding up with an HD Audio drivers instead, I already knew the easiest way out of this spot was to roll back and start over. My mistake — which I will never repeat again — was to use a questionable but more recent Restore Point, rather than a known, good working Macrium backup image (an .mrimg file). When it failed, I found myself turning to that .mrimg file anyway.

When Failure Takes Longer Than Success…

The truly galling part of this misadventure is that it took 40 minutes for the Restore Point to fail and return control of the PC into my hands. It took just over 10 minutes to restore Macrium’s image backup file and for me to get restarted on the failed Realtek driver update (not to mention the Windows Update items for Patch Tuesday as well).

Ultimately, I did find a v6.0.9079.1 UAD driver at Station Drivers that did work as expected later. It was the easy part of the post Restore Point cleanup efforts, some of which are still underway. Ironically my big, honkin’ 8TB backup drive and the little 500GB SSD parked next to it in myWavlink dual SATA drive caddy both got hosed in the Restore Point’s wake. I’m using the Data Recovery feature in MiniTool Partition Wizard v12.3 to recover the 8TB drive’s contents now. This task has already taken 14 hrs and is 22% complete. When it’s done, the 500GB drive recovery should go MUCH faster.

What’s Next?

When the cleanup is done, I’ll be turning off restore point capture on my C: drive. I’ll also purge all the storage space that restore points currently consume (1.7 GB according to the WizTree graphic at  the head of this story). I figure if I don’t have any more restore points around to “try it and see what happens” with, I’ll be unable to repeat this recent debacle.

For the record, the item that caused the restore operation to fail was a Dropbox file. It’s ironic that something deliberately mirrored between cloud and desktop could cause such an operation to crash. Another copy is still in the cloud, safe and ready to mirror back locally when needed. Sigh.

Facebooklinkedin
Facebooklinkedin

Failing Drives Need Copy First and Foremost

I’m a long-time member and supporter at TenForums.com (joined November 14 2014). Just recently I saw a thread where a member reported issues with an apparently failing hard disk drive (HDD). Immediately, he and other responders started chewing on how to diagnose and possibly fix the HDD. “NO!” I remember thinking as I started reading the back-n-forth. “Failing drives need copy first and foremost,” I went on, “so progressive failures won’t cause more data loss.”

Why Do Failing Drives Need Copy First and Foremost?

If an HDD is starting to fail, there’s usually a cascade involved. First, one or two small failures, followed by increasing frequency and severity of failures. After that: complete drive failure. Once you have a clue that a drive is starting to fail — and SMART monitors like HD Sentinel or CrystalDiskInfo will clue you in quickly — the next step in troubleshooting is: Make a snapshot!

When trouble rears its head, the temptation to start diagnosing and attempting fixes can be nearly overwhelming. But in this particular case — a possibly failing HDD — such diagnosis and fix activities can severely exercise the disk. If it is failing, that could either make existing data losses worse, or cause data losses that haven’t yet occurred.

How to Get That Snapshot

I’d try a disk image using something like Macrium Reflect Free. If the disk is seriously corrupted, however, it might not work. In that case, use File Explorer or copy commands at the command line/in PowerShell to copy anything and everything you can see.

On the other hand, if you have a reasonably current backup of the failing drive — and you should — you can copy only items dated since the backup was made. Once you’ve captured what you can, you won’t experience further data loss as you pursue various troubleshooting strategies. Now that you’ve done due diligence for data protection, go for it!

When in Doubt, Replace the Disk

In my experience over 36 years of working with personal computers, I’ve had half-a-dozen hard disks fail on me. (I bought my first PC in 1984: a Macintosh 512K, aka “Fat Mac.”) As disks start to fail, they become increasingly unreliable and problematic. I’ve always replaced them as soon as diagnosis pointed out unquestionable failure signs or symptoms. I learned the hard way to backup, too: I lost the better part of a book manuscript in the late 80s when an external (and expensive!) 300MB SCSI hard disk experienced a head crash. Please: learn from my bad experiences. Don’t wait to have your own. Take my word for it: you won’t like them, not one little bit.

Facebooklinkedin
Facebooklinkedin

Lenovo X220 Tablet Hits IME Wall

I knew it was coming, but not when. I’ve already retired my Lenovo T520 laptop. I bought them together, so my X220 tablet has the same CPU — an i7-2640M Sandy Bridge– and  a 6 Series/C200 Series chipset. In the wake of the latest Dev Channel (Fast Ring) 21286 Build, this machine is now throwing  Intel Management Engine errors. As the lead-in screencap shows it tells me “ME is in Recovery State.” Then, it hangs until I hit the proverbial “Any Key.” When I say the Lenovo X220 Tablet hits IME wall, I’m really saying it’s too old for the installer. Simply put, Windows 10 apparently doesn’t know what to do with this old hardware any more.

If Lenovo X220 Tablet Hits IME Wall, Then What?

I can keep this machine going for a while yet, but I can tell its days are numbered. Upon investigation, its most current IME drivers and software date to the Windows 8.0 and 8.1 era. And then, there’s this cheery warning on the drivers and software download page for the X220 Tablet:

Key phrases in the warning are “no longer being actively supported” and “available ‘as-is'”. Translation: PC is old, and you’re on your own. [Click image for full-sized view.]

I found some fascinating discussion from others who’ve had this problem with this PC and others of its vintage. The most interesting item is at Bill Morrow’s Thinkpads.com forum. It prescribes a firmware hack as the best fix, which more or less turns off the Intel Management Engine (more recently renamed to Active Management Technology, or AMT).

To use this approach, I would have to buy a cheap (under US$20) EEPROM burner. Then I’d need to hack the bits for the BIOS myself  (through a Python program named ME_CLEANER).

I’m still chewing on whether or not I really want to do this. I will keep it running as it stands as long as I can, I think. I’ll pass it along to my old buddy Ken Starks at Reglue.org when I can’t upgrade Windows 10 on it anymore. Even with this glitch, by pushing the “Any Key” after each reboot during the Windows 10 install process, I got this machine upgraded to Build 21286. For the time being, I’ll just keep on keeping on until I have to do something else. Stay tuned!

Facebooklinkedin
Facebooklinkedin

About 21286 News and Interests

OK, then. Right after I upgraded to the latest Dev Channel Insider Preview Build (21286.1000) I expected to see the new “News and interests” item show up in the notification area on my Taskbar. No dice on my Lenovo X380 Yoga test machine. But as I learned more about 21286 News and interests I came to understand that the Edge Browser is involved in its inner workings. So, I checked the update level on Edge on that PC. And sure enough: it needed to come up to the current version 87.0.664.75 to be fully up-to-date.

More About 21286 News and Interests

After updating Edge, and another reboot, News and interests showed up. You can see it in the lead-in graphic for this story, which shows the notification area on my taskbar. It’s off to the left. It shows the sun occluded by a cloud, and reads “45°F Partly sunny.”

If you’re running this Dev Channel release and News and interests fails to appear, try upgrading Edge. Another reboot, and you should see something like the lead-in graphic for this story. That’s because in this build, News and interests is turned on by default. What if you want to turn it off, or see less of what it has to show? Easily done!

Managing This New Taskbar Item’s Appearance

To manage News and interests, right-click on a blank area in the taskbar. A menu will pop up that includes the “News and interests” item (see below). Click on the fly-out symbol to the right, and a fly-out menu with controls appears. Set the one you want. It’s just that easy.

Tip: Hidden means you won’t see it. Or you can Show icon only, if you don’t like the default value Show icon and text. ‘Nuff said.

About 21286 News and Interests.controls

If you don’t like the default value (“Show icon and text”), here’s where you change related settings.

Facebooklinkedin
Facebooklinkedin

Early One Outlook Screencap Eases Concerns

Following quickly in the wake of news of Microsoft’s Project Monarch, (reported here on Monday), a screencap from an actual user allays some of my fears. Notice the left-hand column in the lead-in screecap for this story. It shows the Archive folder amongst the other Outlook folders present. I take that to mean there is a way to integrate an archive with live, web-based messages in the cloud. Thus, an early One Outlook screencap eases concerns about business use.

Why Early One Outlook Screencap Eases Concerns

The name for the app is currently “One Outlook.” This speaks directly to Microsoft’s desire to assemble all Outlook clients in a single code base. Obviously, they’ve thought about the importance of archives in the Outlook environment. In fact, I’m relieved it shows up in such early intimations of where the app is headed.

My old friend and former Novell colleague, John King, responded to my previous post. He proposed the notion that an archive might  be uploaded to the cloud to remain accessible. I’m not certain. I could see it either way, given that I’m sure I’m not the only person with a 10+GB Outlook archive.pst. Millions of 10GB uploads may be more of a storage load than Azure wants to handle. It may make more sense to build plumbing into the app to access a local archive.

Those details, however, are a long way from being settled. According to OnMSFT.com, which reported on this phenom and the screencap, One Outlook is unlikely to appear until 2022. Right now, they say, it’s only available to “brave dogfooders” with in-house, internal Microsoft accounts.

Give Me Preview Access, Please

As the app evolves and develops, I sincerely hope that MS will provide more brave dogfooders outside the company with early access. In fact, I’d like to nominate myself among the ranks of “early outside adopters.” I’ll use it on a test machine, for sure, but it could help me further ease my concerns, as I explore its capabilities. For something this central to how I work and live, I hope that’s not too much to ask. Stay tuned: I’ll keep you informed.

Facebooklinkedin
Facebooklinkedin

Author, Editor, Expert Witness