All posts by Ed Tittel

Full-time freelance writer, researcher and occasional expert witness, I specialize in Windows operating systems, information security, markup languages, and Web development tools and environments. I blog for numerous Websites, still write (or revise) the occasional book, and write lots of articles, white papers, tech briefs, and so forth.

Resolving BitLocker Recovery Key Confusion

In removing the last vestiges of Adobe Flash Player from my Surface Pro 3 (SP3) yesterday, I found myself in need of a BitLocker Recovery key. Why so? That system has BitLocker turned on. Thus, one can’t get access to the C: drive’s content without providing its 48-digit recovery key. Because that’s what I needed to do, I quickly found myself resolving BitLocker Recovery Key confusion.

Secrets to Resolving Resolving BitLocker Recovery Key Confusion

Because I didn’t realize the SP3 had BitLocker turned on, I turned to my Microsoft Account’s recovery key page. That’s when I got confused. As you can see from the lead-in graphic, there are four devices named Surface in the list shown. “Simple,” thought I to myself “I’ll just grab the Surface item with the most recent Key Upload Date and that should do it.” (Note: Key Upload Date is another column on the afore-linked key recovery page, not shown in the screencap above.) Wrong! In fact, it turned out that NONE of the recovery keys for devices named “Surface” worked to provide access to the drive. Uh-oh!

Key ID to the Rescue

Knowing there had to be a way to link the recovery key to the information that BitLocker provided at bootup, I noticed the on-screen prompt supplied a Key ID tied to the recovery key. (It’s the right-hand column in the lead-in screencap.) On close examination, the first 8 HEX digits in that ID match the key column for Device Name DESKTOP-DT16BLB. And in fact, it is tied to the Recovery Key that allowed me access to the SP3’s BitLocker-protected C: drive.

An Ounce Of Preparation…

If you should ever wish to manually edit otherwise protected files in an OS installation at the command line, you’d be wise to check to see if BitLocker is turned on for the target drive.  Easily done, using the Bitlocker Drive Encryption utility in Control Panel. Here’s what running it on the SP3 produces, with some info and fields of particular interest.

Resolving BitLocker Recovery Key Confusion.cpl-output

Notice this Control Panel item shows BitLocker turned on for Drive C: Notice further, the link that reads “Back up your recovery key.”

The “Back up your recovery key” entry lets you save it to your MS account, save it to a file, or print the recovery key information to any available printer. It showed me the complete recovery key ID as well as the complete recovery key itself. And it confirmed what I’d already figured out. Indeed, none of my devices named “Surface” hold the valid recovery key for the SP3 device.

As it turns out, I did a clean install on that machine around October 4 2018. This produced a randomly generated device name DESKTOP-DT16BLB whose Recovery Key is the one the SP3 uses. Afterward, I changed the Device Name back to Surface, without realizing that related Recovery Key info at my MS account did not change along with it. Live and learn! I’m also taking the opportunity to delete a bunch of now-obsolete BitLocker Recovery keys, too.

PowerShell Tools for BitLocker Automation

Knowing that admins like to work through SCCM or similar tools, and work on systems using scripts, I found a useful PowerShell script to grab BitLocker Recovery keys. Here’s its output (best directed to a text file with additional identification info, if run against a slew of remote PCs), along with the handy built-in PS cmdlet manage-bde.

Resolving BitLocker Recovery Key Confusion.ps-stuff
Use them in good health, to good effect, please.

Facebooklinkedin
Facebooklinkedin

Adobe Flash EOL December 31 2020

Here it comes! With the end of 2020, Adobe Flash will also hit end-of-life (EOL). If you can find a webpage that still uses Flash, and you have the Adobe Flash Player installed on some PC, you’ll get the warning message shown in this story’s lead-in graphic. I couldn’t find one on the only machine I’ve got that still has Flash Player installed. It’s stiil present on my 2014-vintage Surface Pro 3 (SP3).

If Adobe Flash EOL December 31 2020, How Else To Remove?

Glad you asked. Because I couldn’t find Flash content to provoke the warning (and uninstall button) on my SP3, I turned to other means. The Microsoft Update Catalog offers a plethora of KB4577586 versions for all supported Windows 10 releases. The name of this item starts with “Update for Removal of Adobe Flash Player…” and then goes onto specify various Windows versions, Server and desktop, to which it applies. Note: for all versions 1903 and later, grab the one labeled Update for Removal of Adobe Flash Player for Windows 10 Version 1903 for x64-based systems (or x86 or ARM as circumstances dictate).

For my x64 SP3, this appeared as a file named
windows10.0-kb4577586-x64_ec16e118cd8b99df185402c7a0c65a31e031a6f0.msu
in my Downloads folder. As an MSU file, it works with the Microsoft Update Standalone Installer utility. And, to my surprise, running the update produces this error message:

Surprise: unless some installed browser has Flash Player installed, the update won't run.
Surprise: unless some installed browser has Flash Player installed, the update won’t run.

Turns out the SP3 has only Edge and Chrome installed, so no Flash Player is present in any browser to be removed. But the machine still has Flash Player on the C: drive, so I’d like to make it go away. Fortunately, Adobe might offer a tool for that very job. Let’s see.

Flash Player Uninstaller to the Rescue?

When it comes to getting rid of programs, uninstallers are the tools of choice. Adobe has one for Windows, so I downloaded same to give it a try. It gets off to a promising looking start:

 

Upon completion it reports Done, and advises me to restart the system. OK, I can do that.

After the restart I run the uninstaller but it doesn’t tell me anything new. That said, the Flash Player 32-bit control remains present in Control Panel, so it didn’t impact that item (more on this below). That said, the preceding download page also has manual uninstall instructions, so I follow them to remove the contents of the following folders:


C:\Windows\system32\Macromed\Flash
C:\Windows\SysWOW64\Macromed\Flash
%appdata%\Adobe\Flash Player
%appdata%\Macromedia\Flash Player

Some of these folders belong to TrustedInstaller, so I end up booting into recovery mode and manually deleting the files from the command prompt.  That takes care of the Flash Player itself.

One More Thing: Turning Off The Control Panel Element

The cpl file that brings up the Flash Player Settings Manager remains present unless you do one more thing. It’s invoked through the file that normally resides at:

C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

As outlined in this Adobe Support Community item, this is an artifact of the NPAPI or PPAPI versions of Flash Player that works with Firefox or Edge, respectively. If you simply rename this file with a different extension, it won’t load into Control Panel anymore. I imagine I could also delete it offline, as I did with the other files in the preceding folders, but that’s enough for today. It’s sufficiently gone for me!

Facebooklinkedin
Facebooklinkedin

Group Policy Edits Fix Broken RDP Credentials

I ran into an interesting problem this weekend. The “Your credentials did not work” error appeared when I added my usual MS admin-level account to the Lenovo X390 Yoga. I checked all the usual suspects with no change in status.  That means: remote access settings, account status, and so forth. Ultimately I had to search the error message via Google. And that, dear readers, is how I learned group policy edits fix broken RDP credentials.

How Group Policy Edits Fix Broken RDP Credentials

Even though I was using the same long-standing Microsoft Account I use for admin level login on all of my Windows 10 PCs, this one wouldn’t work. At one point, error messages informed me about a problem with LSASS (local security authority subsystem service, the OS component that handles logins). Later on, that error changed to “Your credentials did not work.” Sigh.

Because I had no trouble using the same account name and password (plus 2FA authentication through MS) to log into that PC locally, I knew the problem was focused on RDP. And indeed I turned up an extremely helpful article at Appuals.com. Entitled Fix: Your Credentials Did not Work in Remote Desktop, it let me to a working solution.

Group Policy Changes Needed

For me the items I had to enable, and then add the value TERMSRV/* resided in the edit path named
Computer Configuration > Administrative Templates > System > Credentials Delegation

Those items numbered 4, as follows:

1. Allow delegating default credentials with NTLM-only server authentication
2. Allow delegating default credentials
3. Allow delegating saved credentials
4. Allow delegating saved credentials with NTLM-only server authentication

Once I had made those changes, I had to restart the target PC. I also had to manually re-enter the credentials I’d attempted to use beforehand (without success). Then, finally: Boom! RDP accepted my connection attempt on the usual MS admin account. Problem solved. That was an odd one…

Facebooklinkedin
Facebooklinkedin

Best Holiday Wishes For 2020

Dear Readers:

You may not celebrate the same holidays that we do here at Chez Tittel. That’s perfectly OK. But whatever joys and remembrances you can find as 2020 gives way to 2021, I hope you’ll savor and find pleasure in them. We’re gearing up for a nice long holiday weekend right now. Today, I’m sharing an image of my wife Dina’s magnificent rumcake with one and all. I wish you could smell it (heavenly!) but even as a photograph it’s a pretty tasty image. And please: accept our best holiday wishes for 2020, and our hopes that 2021 will manage to improve on this year in every possible way.

After Best Holiday Wishes for 2020, Then What?

I’ll be posting sparely and sparsely until January 4, when I’ll resume a normal working schedule. We’ll be off to a new year of Windows 10 adventures and misadventures. I’ll keep chronicling them as they come my way, so please stay tuned.

High-Tech Goodies from S. Claus

I’d been looking around for a battery pack stout enough to keep our iPad running for the best part of the day. I found it in a RAVPower Xtreme RP-PB41 charger (26800 mAh). My son, Gregory opted in for a Schiit Modi3+ D/A Converter to sweeten his headphone audio. The boss has take over custody of the Dell Optiplex Micro 7080 I’ve been writing about lately as her daily driver. Like her, it’s a boss machine! We’ll have plenty to play with after the formal exchange of gifts tomorrow morning.

Of all the toys I acquired this year, my favorite remains the Sabrent NVMe drive enclosure with an ADATA XPG 256 GB NVMe SSD inside. It’s what I use to store my library of ISO images for use with Ventoy (or ready mounting and rooting around inside). Still peachy!

And again, best holiday wishes from all of us to all of you. May 2021 be a vast step up from 2020 for everyone.

 

Facebooklinkedin
Facebooklinkedin

TLS Cipher Suites Doc Quietly Confirms 21H1 Release Coming Soon

What’s in a DOCs file title? More than a name in this case. On December 17, a DOCs item with the title TLS Cipher Suites in Windows 10 v21H1 appeared online. This TLS Cipher Suites Doc quietly confirms 21H1 release coming soon for Windows 10. This is necessary for the OS to meet US Government Federal Information Processing Standards (FIPS) compliance requirements.

What TLS Cipher Suites Doc Quietly Confirms 21H1 Release Coming Soon Really Means

Long prior history confirms that MS doesn’t publish DOCs items about upcoming releases until they’re less than 30-45 days out. It’s intended to give readers sufficient advance warning to let them know something is coming, so they can start testing in Insider Preview versions of upcoming builds (from the Insider Preview program’s Beta Channel in this case, currently at Build 19042.685).

The rumor mill has already been speculating that 21H1 might make its debut as early as January 2021. This Microsoft Publication more or less confirms this guess, and puts the potential date range for such a release from January 16 through January 31, 2021. Of course, any number of things could happen that might cause this date to slip further out in 2021. But at the moment this make sometime in the second half of January a reasonable projection.

We’ll just have to wait and see how things turn out. Given that this is considered a “minor” release I would also guess further than MS will simply release an enablement package to take PCs from 20H2 to 21H1 quickly and with no need for a Windows.old to roll back to.

Hello 2021, Goodbye 2020

This could get 2021 off to an interesting start as far as Windows 10 is concerned. Stay tuned, and we’ll all find out together.

Also: my best wishes for happy holidays to those who celebrate them. I’ll be posting more irregularly in the period starting tomorrow through New Year’s day. One thing’s for sure: we’ll all be glad to get shut of 2020, a year like no other in recent experience.

Facebooklinkedin
Facebooklinkedin

21277 Puzzler Causes Head Scratching Befuddlement

I’m just a little dazed and confused. The most “out there” of all the Windows 10 releases — namely, Build 21277.1000 — still shows up in Settings → System → About and in Winver.exe as Version 2004. Given, as I understand it, that 2004 and 20H2 share the same code base, why isn’t the latest Dev Channel release showing the latest Windows 10 version? I can’t think of a good answer. I will observe that the release families RS_RELEASE (to which 21277 belongs) and FE_RELEASE (to which 20279 belongs) both predate the 20H2 release date. But because all share a common code base this 2004 label as a 21277 puzzler causes head scratching befuddlement. You can see the 2004 version number in the graphic below (click on that image to see it full-size if you can’t read the fine print).

21277 Puzzler Causes Head Scratching Befuddlement: 2004 or 21H2?
21277 Puzzler Causes Head Scratching Befuddlement: 2004 or 21H2? [Click image for full-sized view.]

If 21277 Puzzler Causes Head Scratching Befuddlement, What Next?

Good question. The rumor mill is asserting that 21H1 is nearing completion. See for example this WindowsLatest story Windows 10 Build 19043 (21H1) feature update will begin rolling out soon. If Build 19043 is heading for a 21H1 label, why is 21277 still carrying the 2004 label that will soon be one year behind its supposed predecessor.

Alas I wish I could say this version labeling scheme made sense. But MS tends to keep mostly mum on version labels, especially for Insider Preview releases. Thus, the 21277 Announcement says nothing about versioning at all. Ditto for the 20279 Announcement, itself another track for the Dev Channel that’s also ahead of 19043.

Io Saturnalia, Confusion Is King!

All we can do is take the Insider Preview releases as they come, along with whatever nomenclature MS decides to use when labeling them. But from time to time, I have to step back and wonder out loud about what’s really going on.

Personally, I’d prefer something like “Version IP-RS” (for Insider Preview RS_Release family) for the 21277 release rather than “Version 2004.” Ditto for IP-FE and “Version 2004” for 20279. Kind of makes me think they could just drop the version numbering altogether for Insider Preview releases and stick solely to the Build number. That’s what matters most anyway. Just a thought…

Facebooklinkedin
Facebooklinkedin

Practice Shows Little Speed Difference USB 3.0 versus USB-C

Just for grins, I conducted an experiment on one of my Lenovo X380 Yoga laptops. I hooked up two identical Seagate ST2000LM003 2TB HDDs drives. One is in an Intatek FE2004C USB-C drive enclosure; the other in a StarTech 52510BPU33 USB-3 drive enclosure. Using the two drives, and comparing them in CrystalDiskMark, practice shows little speed difference USB 3.0 versus USB-C. That’s the point of the following graphic in this story, fact.

Practice Shows Little Speed Difference USB 3.0 versus USB-C.3top-Cbottom

USB 3 on top; USB-C on the bottom. Big block transfers favor C, but random access favors 3. It’s a toss-up!

If Practice Shows Little Speed Difference USB 3.0 versus USB-C, Then What?

This makes me feel OK about hanging onto my older USB 3 drive enclosures because there’s only a small performance difference between them. It’s not like the results make me want to surplus all of my old USB 3 enclosures and replace them with their USB-C counterparts. This is good for the general exchequer, if for no other reason.

Check Out Uwe Sieber’s USBTreeView

As it happens, it’s not as easy as I thought it would be to determine what kind of USB interface a specific drive enclosure is using. Nir Sofer’s otherwise excellent USB Device Viewer (USBdeview.exe) didn’t clue me in. I turned to Uwe Sieber’s USB Device Tree Viewer (USBTreeView.exe) instead.

In the summary section, the device information in that utility distinguishes which USB version is in use for a targeted device. It alone was able to tell me that my D: drive (the USB 3 attached device) was running USB Version 3.0.  It also informed me that my E: drive (the USB-C attached device) was running USB 3.1 Gen ? You see the latter info from Sieber’s utility as the lead-in graphic for this story.

That latter designation is less informative than it could be, but I know my X380 only supports Gen 1 anyway. Thus, that particular the mystery is not too shrouded in obfuscation to penetrate.

When Do New-Tech Enclosures Make Sense?

I could see upgrading from USB 3 or 3.1 to Thunderbolt for SSD enclosures, particularly those for NVMe devices. I’m not sure even m.2 SSDs are enough to justify the extra outlay. But hey: that sounds like a great reason to order one or two such items and try it out to see what happens. Stay tuned!

Facebooklinkedin
Facebooklinkedin

Windows 10 Backup Strategies

When it comes to backing up my Windows 10 systems, I’m a belt and suspenders kind of guy. For my production desktop, that means a daily image backup to Macrium Reflect. It also means 12-hour copies of my selected folders from my user account through File History. I’ve savagely pruned what File History copies by default, because my daily image backups catch a lot of that stuff once a day, which is often enough for me. My Windows backup strategies are designed to limit data loss to a 12-hour period, and to get me back to work quickly if I ever need to restore an image. I keep my Macrium Rescue Media updated and ready to go, so I can even do a bare-metal restore should my current OS get hosed.

Deciding on Windows 10 Backup Strategies

Daily image backups catch everything on my C: drive (including the User folders in which I’m active). So I use File History sparingly (I’m already catching a total snapshot once a day). I’ve trimmed the default allocation to eliminate music files. (I have over 4 GB indexed through “My Music” across 2 other drives on my system.) Ditto for Downloads (currently 6.7 GB in size).

If you going to use File History be sure to look over the Folders it covers carefully. You can click on any one of them to see a “Remove” button to get rid of it. I made extensive use of that capability in pruning my File History capture description. You can see my most important File History folders in the lead-in graphic for this story (click here for full-sized view).

Practice Makes Perfect for Backup/Restore

To make sure your backups are working properly, you should make a backup (or use File History) to restore some files. Consider it both a test to make doubly darn sure backup is working and practice for when you need to restore something for real. Practice prepares you for disaster so you can concentrate on doing what’s important rather than trying to remember how to do it.

I recommend a practice run at least once every three months. I don’t usually have to schedule this myself, because I’m always tinkering with my systems. That means that I’m sometimes repairing the unwanted results of a tinker gone bad by — you guessed it! — restoring a backup.

Facebooklinkedin
Facebooklinkedin

KB4586853 Fixes Thunderbolt NVMe SSD Stop Error

A couple of months back, Windows 10 starting crashing when I would plug a USB-C NVMe device into one of my Belkin Thunderbolt docks. I soon learned this was a known gotcha, and simply switched to plugging the device into my USB-C/Thunderbolt port instead (which kept working). As per the Windows 10 20H2 Known and Resolved Issues page, KB4586853 fixes Thunderbolt NVMe SSD stop error.

Checking KB4586853 Fixes Thunderbolt NVMe SSD Stop Error

As an eternal skeptic, I tried my Sabrent-enclosed Samsung 760 NVMe drive through the Thunderbolt dock on the Lenovo X380 Yoga, the X1 Extreme, and the X390 Yoga laptops I have at my disposal. It worked fine on all of them. I haven’t tried it on the Dell Optiplex 7080 Micro (it’s upstairs) yet, but I expect it will be fine as well. Makes one wonder what started this off in the first place.

The Conexant Audio Driver Issue

As you can see in the lead-in graphic, the long-standing error with Conexant audio drivers remains unresolved. I guess I should be glad that it doesn’t affect my newer Lenovo laptops. As you can see from the following Device Manager screen cap, all of them list a Conexant SmartAudio HD device as the first entry under Sound, video and game controllers. Given the gotchas out there, I’m happy when they don’t bite me!

KB4586853 Fixes Thunderbolt NVMe SSD Stop Error.conexant

Although my newer (2018 and later) Lenovo laptops all include Conexant audio chips, none seems affected by the unresolved issue for such devices. Dodged a bullet?

In general when things get weird with devices or their drivers on Windows 10, I usually check the issues list before I go into heavy-duty troubleshooting mode. As with the Thunderbolt NVMe device issue just resolved, such issues do bite some of my PCs some of the time. Thus, this saves me from trying to solve problems that other, better-equipped engineering teams are already working on. Now, if I could just learn to be patient while those fixes are in progress…

Facebooklinkedin
Facebooklinkedin

Dev Channel Previews Offer Sun Valley Sneak Peek

Both forks of the Dev Channel builds offer a look into Windows 10’s UI future. I’ve just checked, and those who upgrade the Alarms & Clock app through the Store to version 10.2012.18.0 will see the new look. According to Mayank Parmar at WindowsLatest, the new rounded interface, look and feel represents the direction toward which 21H2 UI design is trending. He says this is “part of a major overhaul codenamed ‘Sun Valley’” possibly to go public in the second half of next year. Hence my assertion that Dev Channel previews offer Sun Valley sneak peek. Check it out!

Dev Channel Previews Offer Sun Valley Sneak Peek.timers

Note the rounded look for the progress bars and the completely changed UI look and feel.
[Click image for full-sized view.]

Dev Channel Previews Offer Sun Valley Sneak Peek Explained

There’s some reading between the lines required to suss out what’s going on. MS has been moving the UI toward what Parmar correctly identifies as a “modern” and “rounded” look of late, especially in its icon designs and the Start Menu layout and visuals. Now it looks like Settings is coming in for similar treatment. He and other Windows watchers suggest — and I concur, based on eyeballing things for myself — that this is something real, if still only narrowly visible.

Overall, I think it’s a good look for Windows 10. And it certainly shows the influence of clean, simple designs and visuals that is bleeding over from the smartphone world onto the desktop. But with users ever more inclined to switch between mobile and desktop views of their apps and data, this has to be a good thing.

I’m curious to see how quickly Microsoft will start rolling this into other Settings facilities. Beyond that, I’m wondering if this will continue to show up in 202XX and 212XX Dev Channel builds. If it  targets 21H2 and 212XX is its associated release/build family, it makes sense to me that these changes may focus there. I guess we’ll just have to wait and see, because so far MS isn’t saying much about what separates the two release families.

Facebooklinkedin
Facebooklinkedin