All posts by Ed Tittel

Full-time freelance writer, researcher and occasional expert witness, I specialize in Windows operating systems, information security, markup languages, and Web development tools and environments. I blog for numerous Websites, still write (or revise) the occasional book, and write lots of articles, white papers, tech briefs, and so forth.

Building X12 Boot Media

As I’ve recently reported, the ThinkPad X12 Hybrid Tablet has two USB-C ports and no USB-A ports. Worse yet, a USB-A to USB-C adapter does not work to boot this machine, as I discovered the hard way. Compound that with FAT32’s 4 GB per-file ceiling and a install.wim that routinely tops 5 GB. That makes a straight Windows 11 ISO write impossible. Thus, I’ve worked through a repeatable solution that splits the WIM, mirrors the ISO source tree with Robocopy, stamps a proper bootable ISO with oscdimg, and finally writes it to a native USB-C drive with Rufus — no errors, no drama. It’s my way of building X12 boot media, though you can use MCT instead, if you prefer.

Manually Building X12 Boot Media. Step-By-Step

Just for grins I wanted to start from an official Windows 11 ISO, and create the boot disk from scratch. Here’s what I did:

Step 1 — Download the Windows 11 ISO

First, head to Microsoft’s official software download page at microsoft.com/software-download/windows11 and choose the “Download Windows 11 Disk Image (ISO) for x64 devices” option. Select your preferred language and grab the multi-edition ISO — it weighs in at roughly 6.5 GB, so make sure your destination drive has ample free space before you start. Save it somewhere you can easily reference in the steps that follow. I grabbed mine from the Downloads folder/library.

Step 2 — Mount the ISO and Split install.wim

Next, mount your downloaded ISO in File Explorer by right-clicking it and choosing Mount. In response, Windows assigns it a drive letter automatically (I’ll use D:\ here, though it shows as H:\ in the lead-in screencap). Then open an elevated command prompt and use DISM to split install.wim into 3,500 MB chunks, small enough to fit safely inside FAT32’s 4GB per-file limit (if you cut’n’paste the following, it should be a one-liner at the command line):

dism /Split-Image /ImageFile:D:\sources\install.wim
/SWMFile:C:\X12Media\sources\install.swm ^      /FileSize:3500

DISM writes install.swm, install2.swm, and any additional parts directly into your target sources folder. Windows Setup picks them up automatically at install time — no extra configuration required.

Step 3 — Build the ISO Source Folder with Robocopy

Then, use Robocopy to mirror nearly all files from the mounted ISO into a clean working folder — but explicitly exclude the oversized install.wim you’ve already replaced with the split .swm files:

robocopy D:\ C:\X12Media\ /E /XF install.wim

The split .swm files you created in Step 2 are already sitting in C:\X12Media\sources\, so the result is a complete, well-formed ISO source tree ready for imaging. Everything Setup expects is present and correctly sized.

Step 4 — Generate Bootable ISO with oscdimg

Next, you need a copy of the MS Operating System CD Imaging utility, aka oscdimg.exe. You may need to install the Windows ADK (Assessment and Deployment Kit) from Microsoft if you haven’t already (oscdimg.exe ships with it). I found one inside the MiniTool Partition Wizard (MTPW), and used that version instead (worked like a charm). Wherever you get it, oscdimg.exe is the right tool for stamping a proper dual-purpose ISO. The command below targets both legacy BIOS (etfsboot.com) and UEFI (efisys.bin) boot sectors in a single pass:

oscdimg -m -o -u2 -udfver102 ^   -bootdata:2#p0,e,bC:\X12Media\boot\etfsboot.com ^   #pEF,e,bC:\X12Media\efi\microsoft\boot\efisys.bin ^   C:\X12Media C:\Output\Win11_X12.iso

The -m flag overrides the 4 GB maximum image size limit, while -u2 enables the UDF file system for broad compatibility. The resulting Win11_X12.iso in C:\Output\ is your custom X12 Hybrid boot media image.

Step 5 — Write Bootable USB Media with Rufus

Finally, download Rufus from rufus.ie and launch it as administrator. For the drive, I needed a native USB-C flash drive — I ordered a Kingston DataTraveler 70. Do not reach for a USB-A to USB-C adapter: the X12 Hybrid will not boot from one, full stop.

Select the Kingston DataTraveler 70 in Rufus, point the “Boot selection” field to Win11_X12.iso, and set the partition scheme to GPT with target system UEFI (non CSM), leaving the file system at FAT32. Rufus handles the split .swm files correctly because they are already embedded and sized within the ISO — no special Rufus settings needed. Click START, accept any warnings about erasing the drive, and within a few minutes you have fully functional X12 Hybrid boot media ready to go.

The Proof’s In the Booting…

I was relieved when the X12 finally booted from the Kingston UFD entry in the UEFI boot menu. That had been a LONG time coming. Even so, the extra steps described above add perhaps 15 minutes to a typical USB media build. That said, they reliably eliminate the frustrating “Windows cannot install required files” errors that plague direct installs on picky devices. Give this workflow a try on your X12 Hybrid — or on any device where you run into issues booting from USB media— and let me know how it goes in the comments below.

I’m glad to have the X12 back on the working roster. Indeed, I’m getting ready to upgrade it to a Beta Channel build shortly, Hopefully, I won’t need the repair/recovery media I just built. But if I do, I’ve got it handy. Here in Windows-World “better safe than sorry” are words to live by!

Facebooklinkedin
Facebooklinkedin

Two Reboots ARE Better Than One

During the repair process for the X12 Hybrid Tablet (see Friday’s blog for details), I got to the point where I was ready to reboot after a couple of repairs. Those involved (1) running bcdboot to rebuild my boot files from scratch, and (2) telling Garlin’s update_UEFI... script to emplace SkuSiPolicy.P7b. After a first reboot, the boot screen showed red error text for a Secure Boot mismatch error (reporting that what’s in firmware differs from what wants to run). After a second reboot, the system came up clean with no errors at all. Indeed, that’s what’s supposed to happen and why I claim that two reboots are better than one!

To begin, it’s worth noting what those two steps actually do. Running bcdboot rebuilt the EFI System Partition boot files and restored a working Windows Boot Manager entry. The Garlin script then installed the production-variant SkuSiPolicy.p7b, which writes itself as a UEFI firmware variable enforcing production-level Secure Boot signing rules — rules stricter than the defaults many machines ship with. Consequently, the UEFI firmware suddenly had new staged SVN values sitting alongside the existing committed values in NVRAM. The first reboot is, therefore, where things got genuinely interesting.

Exploring Why Two Reboots ARE Better Than One: First Reboot

When the X12 attempted its first boot after the script ran, the firmware compared the newly staged SVN (Security Version Number) values against whatever was already written into UEFI NVRAM. Naturally, they didn’t match — because the new policy was not yet committed. That mismatch triggered the Secure Boot error you see mocked up as the lead-in graphic. However, and this is the critical part, that same first boot is exactly when Windows Boot Manager wrote the new SVN values out to the UEFI NVRAM, permanently committing the production policy into the chip’s non-volatile storage. The error, in other words, was not a failure. In fact, it was the system doing its job exactly as designed. The Secure Boot commit phase looks alarming on the surface; nonetheless, it is entirely intentional behavior.

Microsoft engineered this two-phase mechanism deliberately so that a mid-commit crash or power loss cannot brick the machine. Old NVRAM values stay valid until the new ones are fully written and confirmed. As a result, if the lights go out halfway through the commit, the firmware simply falls back to the previous known-good state. It is a genuinely elegant safety net (one that I have come to deeply appreciate after years of watching less careful UEFI implementations leave machines unbootable).

Reboot Two: Verifying a Clean Bill of Health

Furthermore, once the X12 had committed the new values on reboot one, the second reboot was simply the verification phase. With the NVRAM now holding the freshly committed data, the firmware ran its Secure Boot checks again. This time, FirmwareSVN, BootManagerSVN, and StagedSVN all agreed — and the machine booted clean, no error, no complaint. Running Get-SecureBootSVN from an elevated PowerShell prompt confirmed the result:

At this time, in fact, 9.0 is the current maximum enforced SVN — so this is a perfect result, not merely a passing grade. All three values align, and the ComplianceStatus line says exactly what you want it to say. The Secure Boot commit phase had done its work on reboot one; verification simply confirmed it on reboot two. The X12 was, in every sense, fully compliant with proper Secure Boot policy.

Two Reboots Makes a Pattern…

Moreover, this two-reboot pattern is not unique to my ThinkPad X12 repair scenario. It is the same deliberate mechanism Windows uses for DBX enforcement updates such as KB5012170. Microsoft designed it this way intentionally — if the machine loses power or crashes mid-commit, the old NVRAM values remain valid until the new ones are fully written and confirmed by a clean second boot.

IMO, the mismatch error on reboot one is a feature, not a bug. The Secure Boot commit phase genuinely requires two boots to complete safelyIndeed, that’s by design, not by accident. So next time you see a Secure Boot mismatch error on the first reboot after a repair or a policy update — don’t panic, don’t reach for the BIOS reset jumper, and definitely don’t call Microsoft support just yet. Just reboot again. Chances are, you’ll be greeted by a perfectly clean boot and Secure Boot status check outputs that make you smile.

Here in Windows-World, we take those smiles as we can get them, cheerfully and with good humor. Once the panic subsides, that is…

Facebooklinkedin
Facebooklinkedin

X12 Runs Production Win11 After Boot Repair

Here’s an odd one. I just  fixed a broken boot environment on my ThinkPad X12 (Gen 1) Hybrid Tablet. Oddly enough, Winver is now showing Windows 25H2 Build 26200.8737. What makes that odd? Prior to the fix, I’d been running the Beta release, Build 26220.8370. Hence my conclusion that the X12 runs production Win11 after boot repair. All I can say is: WTF?@*

Why X12 Runs Production Win11 After Boot Repair?

That’s the question I asked Copilot right away once I figured things out. Here’s what it said (bold emphasis mine):

bcdboot reconstructed the EFI boot environment from the on-disk Windows 25H2 partition, laying down a clean, production-signed bootloader baseline with no awareness of the machine’s prior Beta channel enrollment. The Garlin script then installed the production-variant SkuSiPolicy.p7b, which writes itself as a UEFI firmware variable and enforces production-level Secure Boot signing rules. This blocked the pre-release trust chain that Beta channel builds rely on, so Windows Update classified the device as a retail endpoint. It then served it the latest production-signed CU, build 26200.8737, not a Beta flight.

Whoa! Who knew that could happen? But sure enough when I visit Settings > Windows Update > Windows Insider Program on the X12, it tells me to “Join the Windows Insider Program.” This PC is clearly unenrolled and running a production build. Amazing!

Plus ça change…

Here in Windows-World, strange is just part of the day-to-day game. This latest little wrinkle, however, ranks pretty high on my own Strange-O-Meter. But as long as the laptop is working and doing what it should, I’m happy. In fact, I’m bemused because the official word is you can’t leave the Insider Builds unless you do so at a precise moment when it’s allowed, or perform a clean install. Seems like — at this moment, at least — here’s another way!

 

Facebooklinkedin
Facebooklinkedin

USB-C UFD Restores X12 Boot

I wasn’t sure Copilot was right. Even some of my regular commenters here at edtittel.com were sure Copilot was wrong. Fact is, I couldn’t get into WinRE to repair my damaged BCD until I inserted a brand-new USB-C based Kingston Data Traveler 70 (US$28) into the X12 Hybrid Tablet (Gen 1). Now it’s working. More explicitly using the USB-C UFD restores X12 boot capability.

Before that, I had tried known, good working USB-A UFDs via a USBA2C adapter. I’d also tried native USB-C NVMe SSDs as well. Apparently — as Copilot averred and my experience shows — it will only boot to a real USB-C UFD. Same format, same files, same creation approach on the other devices just didn’t result in a boot into WinRE for on-disk boot repairs to the C: drive. That much of the travail, at least, is now over…

After USB-C UFD Restores X12 Boot, Then?

Now I need to fix Secure Boot (SB), which is what got me in trouble in the first place. Right now, the unit boots fine with SB disabled. I’ve run the Garlin check script and have installed SkuSiPolicy.P7b. But still, I get the red text “Secure Boot mismatch” error info when I try to book with SB turned on. I’m going to reset the keys to factory default, and pick up from there to see what happens next.

But first, after I rebooted again on the X12 without making any changes, it took me to the Windows 11 lock screen. Windows Security gives the system its blessing (green checkmark on the Secure boot entry). So I may already be over the hump, because of the second reboot.

If at First You Don’t Succeed, Reboot Again…

On a third reboot, I get the spinning circles while the OS loads and get right to the Windows 11 lock screen. No more boot issues, no more “boot mismatch” refusals. I seem to have things working again.

As the old saying goes “Get the right tool for the job.” In my case I had to learn the hard way that I MUST use a USB-C UFD to boot the X12 into anything. Now I know. It’s in my little plastic bin of UFDs and I guess I know how to use it. Case closed, I hope!

Facebooklinkedin
Facebooklinkedin

GnuGB Properties Window Explains WinGet Pin

The old saying goes “There’s one in every crowd.” One of what? In this case, an app for which WinGet handles packages that doesn’t play by the rules. That’s OK in this case: the app is Gnu Backgammon (aka GnuBG, runs as “gnubg.exe”). I’m willing to forgive these foibles because it’s the  best-ever digital version of Backgammon around. It’s so good, in fact, I have to turn down its capabilities or it will beat me 9 games out of 10. That said, a quick look at the Gnubg Properties windows explains winget pin on this executable.

How GnuGB Properties Window Explains WinGet Pin

WinGet handles GNU Backgammon under the ID GNU.gnubg, But as a quick look at the properties window for gnugb.exe shows, it doesn’t self-report file version, product name or product version info (see lead-in graphic up top). That last item is an important part of what WinGet uses to figure out if updates apply to one of the packages in its custody. Indeed, this appears at the head of the next screencap, which shows output from two WinGet commands: pin list and show GNU.gnubg.

In particular, it’s noteworthy that Version info for GNU.gnubg shows up as “Unknown.” That reports the missing properties info obliquely, and explains why WinGet always attempts to upgrade that program unless I pin it up out of the way.

Indeed, that’s one of the main points of the WinGet pin command. And it works to prevent the package manager from trying to update something for which no update is available. It’s only because the app doesn’t self-report a version number that an issue presents. Pin provides the fix, and I’m glad.

Here in Windows-World, one must take one’s jollies when one can. I choose to be amused and entertained in this case. But I’m glad the WinGet team had the forethought to anticipate and fend off this kind of thing. ‘Nuff said.

Facebooklinkedin
Facebooklinkedin

X12 Boot Fix on Hold

Boy, howdy. I just spent the best part of a day figuring out I can’t fix a boot problem on one of my laptops. The Lenovo ThinkPad X12 Hybrid is a capable and compact Windows device, but its UEFI firmware has strict requirements for external boot media. After extensive troubleshooting, it’s clear that continuing repair attempts without a native USB-C flash drive won’t work. This post explains why that process must pause until the correct media shows up. Until it does, I’ve put the X12 boot fix on hold. Let me explain…

Why Put the X12 Boot Fix on Hold?

The X12 Hybrid’s UEFI boot environment is designed to recognize and boot only from a narrow set of external devices. Specifically, it supports:

  • Native USB-C flash drives
  • Native USB-A flash drives (when connected directly to a built-in USB-A port; my X12 has only two USB-C ports & no USB-A ports)
  • SD cards (on models equipped with an SD slot)

Alas, I’ve confirmed by experiment that it does not boot from:

  • NVMe enclosures
  • SATA enclosures
  • USB-A drives connected through USB-A-to-USB-C adapters
  • USB hubs or multiport dongles

Even when such devices appear in the boot menu, the firmware rejects them during handoff to the bootloader. My problem right now is that I don’t own a USB-C flash drive.

Why the Current Media Fails

During troubleshooting, multiple external boot media were tested:

  • USB-A flash drives: Not recognized as bootable when connected through an adapter.
  • Modern NVMe enclosures: Enumerated in the boot menu but immediately returned to the boot selector when chosen.
  • Older NVMe enclosures: Presented themselves correctly as USB Mass Storage devices but were still rejected by the firmware.

These behaviors indicate that the X12 Hybrid’s boot ROM enforces strict transport and device-class requirements. Only a native USB-C flash drive meets all these constraints. Sigh: I’ve got a US$28 Kingston DataTraveler 70 on order from Amazon (delivery : 7/1).

Why a USB-C Flash Drive Is Required

A native USB-C flash drive provides:

  • Direct USB-C connectivity without adapters or bridges
  • USB Mass Storage Class (BOT) compatibility
  • Reliable FAT32 formatting for UEFI boot
  • Full compatibility with Windows installation media

This combination ensures that the X12 Hybrid’s firmware can properly read and execute the Windows bootloader.

The Practical Decision: Pause and Wait

Given the firmware limitations and the consistent rejection of all other media, I can do no further troubleshooting until a USB-C flash drive appears. Once in hand, the following steps will occur:

  1. Format the USB-C drive as GPT + FAT32
  2. Rebuild the Windows installation media
  3. Boot the X12 Hybrid from the new drive
  4. Repair or rebuild the EFI System Partition (ESP)

Pausing now avoids wasted effort and boosts the odds that my next troubleshooting step will help.

Still Waiting…

The troubleshooting process for the X12 Hybrid now sits where the correct hardware is needed. A native USB-C flash drive is the only reliable path forward for UEFI boot and system repair. Once it arrives, the repair process can continue with confidence. Or so I hope: here in Windows-World there’s always the chance that a (nearly) sure thing turns out otherwise. Sigh again: I’ll be finding out!

Facebooklinkedin
Facebooklinkedin

WinGet Upgrade Knows More Than It Says

In running through my usual morning Winget Upgrade drill, I noticed that it found 3 upgrades, but applied only 2. As you can see in the lead-in screencap, it concluded its efforts with a line that reads “1 package(s) have upgrades blocked because newer versions use a different install technology…” To me, this means that WinGet Upgrade knows more than it says, because process of elimination reveals that Microsoft Edge is the missing item.

Why Say: WinGet Upgrade Knows More Than It Says

Microsoft Edge is deeply embedded into the Windows 11 OS.  Indeed, Windows 11 uses WebView 2 as a system component. That also powers the Settings app, widgets, Copilot, Teams, Outlook (new), the MS Store, and more. That’s why Edge usually updates more easily from within its own UI anyway.

In this particular case, something about the install technology changed moving from Version 149.0.4022.96 to Version 149.0.4022.98. That forces WinGet to keep its mitts off, unless users uninstall the old and then install the new in two separate operations.

I elected to jump into the app, do the upgrade, then returned to Windows Terminal to run WinGet Upgrade –all –include-unknown again. As you can see in the lead-in graphic (if you right-click that image to display it in its own browser tab), with Edge manually updated already beforehand, the next check returns “No installed package found matching input criteria.” In WinGet parlance that means “no items need updating here.”

In Windows-World, what you see can sometimes tell you more than what your app or tool output tells you. This is a definite illustration, and explains why I assert that the Windows package manager (i.e. WinGet) and its upgrade facility knows more than it says. Cheers!

Facebooklinkedin
Facebooklinkedin

Windows 10 ESU Gets Another Year

Microsoft has added a year to the expiration date for its Windows 10 Extended Security Updates (ESU) program. This gives consumers, businesses and organizations another year of critical security patches on their Windows 10 devices. In turn, that provides much-needed breathing room for transitioning to Windows 11 or newer platforms, ensuring users remain protected against emerging threats. As Windows 10 ESU gets another year of life, those running Windows 10 get another year to figure out “What’s next?”

The lead-in graphic for this post shows the MS ESU Explainer that pops up inside that OS when you visit Settings > Update & Security, then click the link that reads “Learn more about Extended Security Updates.” As far as I can tell, MS just extended that date this week. FWIW, other published sources (e.g. WinAero, Windows Latest, Windows Central, etc.) agree.

What Windows 10 ESU Gets Another Year Means

Extended Security Updates (ESU) is a program Microsoft offers to organizations that need to keep Windows 10 systems secure beyond the official end-of-support date. Officially, Windows 10 support ended on October 14, 2025. Even so, ESU allows customers to receive critical and important security updates for some time after that date. This “expiration date” just got extended, as you can see in the lead-in screencap.

This program is especially valuable for businesses with legacy applications or hardware that are not yet compatible with Windows 11. It helps them avoid security risks while they plan and execute their migration strategies.

Why the Extension Matters

The extension of Windows 10 ESU for another year reflects the reality that many organizations face challenges upgrading their infrastructure. Whether due to budget constraints, application compatibility issues, or operational complexities, migrating to a new operating system is rarely straightforward.

By extending ESU, Microsoft acknowledges these hurdles and offers a safety net. This additional year of support means organizations can continue receiving vital security patches, reducing the risk of vulnerabilities that could be exploited by cyber attackers.

What’s Included in the Extended Support?

The ESU program focuses on delivering security updates classified as critical or important by Microsoft. These updates address vulnerabilities that could allow remote code execution, privilege escalation, or denial of service attacks.

However, ESU does not include feature updates or non-security fixes. Organizations still need to plan for a full upgrade to a supported operating system to benefit from new features and improvements.

How to Get Windows 10 ESU

Eligible customers can purchase ESU licenses through Microsoft’s Volume Licensing programs or authorized resellers. The pricing typically increases each year, reflecting the diminishing support window. Individual users may also qualify for ESU, either by activating Windows Backup to sync files and settings via OneDrive, or by redeeming 1,000 MS Reward points.

To activate ESU, organizations must install specific activation keys and ensure their systems are up to date with the latest servicing stack updates. Microsoft provides detailed guidance and tools to help with this process. Individual users typically upgrade directly through WU, without having to reactivate Windows 10 licenses.

Planning Your Migration

While the ESU extension offers more time, it’s not a permanent solution. Users should use this period to accelerate their migration plans to Windows 11 or other supported platforms.

For IT-driven organizations, key steps include:

  • Assessing Compatibility: Evaluate applications and hardware for Windows 11 readiness.
  • Testing: Pilot Windows 11 deployments in controlled environments.
  • Training: Prepare IT staff and end-users for the new operating system.
  • Deployment: Roll out Windows 11 in phases to minimize disruption.

For SOHO and individual users, migration will usually mean disposing of older PCs not able to meet Windows 11 hardware requirements. Replacing those typically involves purchasing a new or used PC or laptop with Windows 11 pre-installed. Optionally, they may (or may not) use a program such as PC Mover to transfer their apps, files, and settings to the new OS.

One Year Adds Time, But Cures No Ills

The additional year for Windows 10 ESU is a welcome relief for many organizations still navigating the complexities of OS migration. It ensures continued protection against security threats while providing a buffer to plan and execute a smooth transition.

However, relying on ESU indefinitely is not advisable. The best strategy is to leverage this extension as a bridge toward a fully supported and modern operating system environment.

By staying informed and proactive, IT teams can safeguard their infrastructure and keep their organizations secure in an ever-evolving threat landscape. Individual consumers gain time to save up for a new PC or laptop, and plan their migration strategy, too.

Facebooklinkedin
Facebooklinkedin

Nearly Perfect PITR Makes Windows 11 Debut

Point-in-Time Restore (PITR) is one of the most interesting recovery features Microsoft has added to Windows 11 in recent memory. It arrived quietly through cumulative update KB5095093 in June 2026. Yet it brings a welcome new option for users who want a fast way to roll back their systems. PITR works by capturing snapshots of key system areas. These snapshots let you return your PC to an earlier state when something goes wrong. The idea is simple, and the execution is surprisingly smooth. In fact, I’d say MS has delivered a nearly perfect PITR to the OS.

What Makes It Nearly Perfect PITR, and Nor More or Less?

PITR creates restore points that include system files, settings, and some application data. These snapshots live on the local drive. They also tie into Microsoft’s cloud services when available. This hybrid approach gives PITR more flexibility than older tools like System Restore. It also makes the feature more resilient when local files become damaged. With the release of KB5095093, PITR gained a major upgrade: it now appears directly inside WinRE. That means you can access PITR even when Windows won’t boot. You can see it as a Troubleshoot option in WinRE in the lead-in graphic.

Seeing PITR listed in the WinRE Troubleshoot menu feels like a big step forward. It signals that Microsoft wants PITR to serve as a real recovery tool. You can boot into WinRE, choose Point-in-Time Restore, and pick a snapshot to roll back to. The process is quick and clear. It also avoids the complexity that sometimes comes with older recovery methods. For many users, this will be enough to fix common problems.

What Limits Warrant a “Nearly Perfect” Label?

Still, PITR is not a full replacement for image-based backup solutions. Tools like Macrium Reflect and Hasleo Backup Suite offer deeper protection. They create complete disk images that capture every sector of a drive. These images can be mounted like virtual disks. That means you can browse them, copy files out of them, and inspect their contents. PITR cannot do that. Its snapshots are not mountable. They do not support file-by-file access. They also do not cover the entire disk.

This difference matters when you need more than a simple rollback. If a drive fails, PITR cannot help. If you need to recover a single file from a past state, PITR cannot help there either. Image backups shine in these situations. They give you full control over your data. They also let you restore a system even when the internal drive is gone. PITR is faster and easier, but it is not as complete.

Even so, PITR fills an important gap. It offers a middle ground between System Restore and full image backups. It is quick, lightweight, and built into Windows. The addition of WinRE support makes it far more useful. You can now rely on PITR when Windows refuses to load. That alone makes it worth enabling.

Worth Enabling, But Not A Panacea

In the end, PITR is a welcome addition to Windows 11. It is not perfect, but it is close. For everyday problems, it may be all you need. For deeper issues, image backups remain essential. The best approach is to use both. PITR gives you speed. Image backups give you safety. Together, they create a strong recovery strategy for any Windows system.

To check PITR and it settings visit, Settings > System > Recovery > Point-in-time restore. On my systems it’s enabled by default with a single PITR restore point every 24 hours, 72 hour retention, and a space ceiling 2.0% of disk capacity. YMMV. Check it out: seems like a nearly perfect addition to Windows 11’s recovery capabilities.

To learn more about PITR, read this June 23 Windows IT Pro blog post “Point-in-time restore for Windows 11 is now generally available.” Lots of good stuff in there!

Facebooklinkedin
Facebooklinkedin

Hyper-V Hangs Up Intel DSA

Yesterday, I launched Intel Driver & Support Assistant (aka Intel DSA) on my Lenovo ThinkStation P3 Ultra Gen 3. Then I watched it sit there, seemingly forever, with Intel DSA hanging at “Scanning your system…” interminably. The spinner spun. And spun. And kept right on spinning.

First, I did what any reasonable Windows veteran does: I refreshed the browser tab. Then I restarted Intel DSA. Then I cleared the browser cache. Then — because hope springs eternal — I uninstalled and reinstalled the whole tool. Nothing worked.

Finally, after roughly 20 minutes of increasingly creative nattering about, I decided to actually dig in and find the culprit. Ultimately, I was able to determine that Hyper-V hangs up Intel DSA. When Hyper-V is running (with one or more VMs in tow), DSA gets stuck. When Hyper-V is off and its VMs shut down, DSA does its thing.

Discovering That Hyper-V Hangs Up Intel DSA

My first instinct was Task Manager. I scanned the process list for anything suspicious chewing up CPU or disk I/O. Nothing obvious jumped out — DSAService.exe was running, but it was barely registering any activity. Interesting.

Next, I pulled up Windows Services and confirmed that the Intel DSA Service was running and set to automatic. So the service itself wasn’t the issue. I then checked Event Viewer, hoping for a clear error message. However, Event Viewer offered nothing but a wall of routine informational noise. As helpful as usual (not much).

Then I glanced over at my taskbar — and something caught my eye. Hyper-V Manager was open. And sitting right there in the Virtual Machines list was my Windows 10 ESU VM, happily showing a Running state. I hadn’t touched it in days. I’d simply forgotten to shut it down.

That was my “aha” moment. I had a hunch. It was time to test it.

The Fix Is In — and Dead Easy, Too

I right-clicked the running VM in Hyper-V Manager and chose Shut Down — not Pause, not Save State, but a full, clean shutdown. Note state showing “Off” in the lead-in graphic: that’s what you want. Then I closed Hyper-V Manager entirely. Finally, I switched back to my browser and relaunched Intel DSA. The scan completed in about four seconds. Four seconds. After sitting frozen for half an hour!

So why does this happen? Here’s the short version. Intel DSA’s local service performs low-level hardware enumeration — it interrogates drivers, firmware, and system components directly. However, when Hyper-V has an active virtual machine running, the hypervisor layer sits between the operating system and the physical hardware. It intercepts certain hardware queries to protect the VM’s virtualized environment. As a result, Intel DSA’s scan requests can stall waiting for responses that never arrive. The tool doesn’t time out gracefully — it just hangs there, looking busy while doing absolutely nothing.

What to Do If Intel DSA Hangs on Your PC

If you’re seeing Intel DSA hanging at “Scanning your system…” with no end in sight, work through this list before you do anything drastic.

  1. Check Hyper-V Manager for running VMs. Open Hyper-V Manager and look at the State column. If anything shows “Running,” that’s your prime suspect.
  2. Shut down — don’t just pause — any running VMs. Right-click the VM and select Shut Down. Wait for the state to change to “Off” before moving on.
  3. Close Hyper-V Manager entirely. Don’t just minimize it. Close the window completely so the management layer releases its handles.
  4. Relaunch Intel DSA in your browser. Navigate back to the Intel DSA page and let it load fresh. The scan should complete within seconds.
  5. If it still hangs, try the IP listen fix. Open an elevated Command Prompt and run: netsh http add iplisten 127.0.0.1 Then, restart the DSAService via Services or with net stop DSAService && net start DSAService. This resolves a separate but related port-binding conflict that can also cause Intel DSA to freeze.

With luck, DSA will get unstuck for you, too. It worked for me. Here in Windows-World that may not guarantee it will work for you to. But at least, it’s worth a try. Give it a shot!

Facebooklinkedin
Facebooklinkedin