Category Archives: Cool Tools

Icons Make Their WinTerm Debut

Picture a freshly wiped Lenovo ThinkPad X12 Gen 1 Hybrid tablet. Windows 11, clean install, not a single orphaned registry key or stale cache entry to its name. I had spent an entire Saturday — a real, honest, could-have-been-doing-anything-else Saturday — systematically troubleshooting seven distinct layers of the Windows stack, trying to coax winget into rendering package icons inside Windows Terminal. First, I checked the pipeline. Then, I checked the frameworks. Finally, I checked the fonts, the settings, the preview builds, and the GitHub issue tracker. My conclusion, published with the full confidence of a man who had just inspected every plumbing joint in the house, was that the feature didn’t exist yet. The faucet wasn’t connected to anything.

Why Say: Icons Make Their WinTerm Debut?

I was wrong. The icons were there all along, hiding behind a single toggle nobody told me about. Now, running winget list --details,most of the 140 installed packages display beautiful sixel-rendered icons inline in Windows Terminal. The 7-Zip logo in crisp black and white (see lead-in graphic). CPU-Z’s purple microchip. Everything’s orange magnifier. Many, many packages, adorned and accounted for. The bloody icons are alive.

Synopsis: TL;DR

After seven layers of troubleshooting on a pristine clean install that ended in defeat, the fix turned out to be embarrassingly simple: update to winget preview v1.29.70, add "enableSixels": true to the winget settings file, and restart Windows Terminal. That’s it.

Three steps, one hidden toggle, a plethora of package icons rendered in full sixel graphics glory. The seven-layer journey wasn’t wasted — it built the foundation that made the fix possible — but the actual answer was only one JSON property deep.

The Clean-Install Gambit

The Lenovo X12 Hybrid was the perfect test bed. I’d done a fresh clean install of Windows 11. That curred partly because a failed experiment with Secure Boot EFI data had left the boot configuration in a philosophical state. And partly because I wanted to try Smart App Control on a virgin system. No leftover manifests, or stale caches. No conflicting side-loaded packages from six months of tinkering. A blank slate. If icons were going to work anywhere in the known universe, this was the place.

The first round of troubleshooting — documented in painstaking detail a now-abandoned “Still No Bloody Icons” post — ended with a serious verdict. The icon rendering pipeline doesn’t exist. Every layer of the stack was sound, every component was healthy, every dependency was present and accounted for, but winget simply wasn’t emitting anything visual. The conclusion was deeply unsatisfying but seemed defensible. It was also, as it turns out, incomplete.

The Seven Layers: A Brief Retrospective

Before we get to the breakthrough, let’s do a brisk lap through the original investigation. Think of this as the training before the final fight — except the opponent was a JSON property, and the training took eight hours.

Layer 1: App Installer/Preview Pipeline.

I sideloaded the preview .msixbundle, navigated the privilege boundaries between the Microsoft Store and manual installation, and got winget preview running. The CLI worked. The commands parsed. No icons.

Layer 2: VCLibs and UI.Xaml.

The framework dependency chain — Microsoft.VCLibs and Microsoft.UI.Xaml.2.8 — had to be present for the preview to run. Downloaded them, sideloaded them, confirmed both were registered. Still no icons.

Layer 3: WinUI 3 Runtime.

I checked whether the Windows App SDK runtime was present, which it was, because Windows Terminal itself depends on it. Dead end, but a clean one.

Layer 4: Terminal Capabilities.

Tested output in both Command Prompt and Windows Terminal. Both showed identical plain text. The pipe was open; the faucet was off.

Layer 5: Fonts and Glyph Coverage.

I installed CaskaydiaMono Nerd Font, complete with its thousands of extra glyphs — Powerline segments, dev icons, weather symbols, the whole typographic buffet. Powerline segments in my prompt looked gorgeous. Winget output? Still plain text, dressed in its Sunday worst.

Layer 6: Terminal settings.json and Profile Configuration.

I did an exhaustive review of every setting, experimental feature, and flag in the Windows Terminal configuration. Renderer settings, text formatting options, experimental feature toggles — I read them all with the desperation of a man looking for his car keys in a coat he’s already checked three times. Nothing relevant.

Layer 7: Preview-Build Regressions and the Canary Channel.

I searched the GitHub issue tracker for every synonym of “icon” I could think of. Found discussions. Looked at mockups. Found companion app implementations and third-party extensions. What I did not find was any evidence of shipped CLI icon rendering.

The original verdict: “It’s not a regression. It’s not a bug. It’s an absence.” That verdict was wrong — but getting there was essential. It eliminated every false lead and left only the real answer, waiting patiently for me to circle back with fresh eyes and one additional search query.

The Real Deal: Layer 8 (Politics & Religion)

A few days later, I revisited the problem. Different day, different energy, different collaborator. This time I had Copilot riding shotgun, and instead of working bottom-up through the stack like a plumber checking every joint from the basement to the roof, we started with a simpler question: What changed in the latest winget preview releases?

The first discovery landed fast. Winget v1.29.70-preview had stabilized the list --details command and — this is the part that caught my eye — explicitly added icon rendering support. Not “planned.” Not “in development.” Added. Past tense. Shipped. The feature I’d declared nonexistent was sitting in a release that had dropped while I was busy writing about its absence. Timing, as they say, is everything.

Dealing with Dependencies

Installing it required the familiar dependency dance, the kind of manual choreography that makes you deeply appreciate package managers while simultaneously wrestling with one:

  • Grab Microsoft.UI.Xaml.2.8, extract it, and install the .appx from the extracted architecture folder
  • Install the DesktopAppInstaller license XML via Add-AppxProvisionedPackage
  • Install the .msixbundle itself with Add-AppxPackage

All done in an elevated PowerShell session, naturally. You haven’t lived until you’ve used a package manager’s own dependency framework to manually bootstrap the package manager.

But installing v1.29.70 alone didn’t do it. The second discovery — the actual fix, the thing that had eluded seven layers of investigation — was hiding in the winget settings file, accessible via winget settings. I already had "icons": true under the "visual" section:true under "experimentalFeatures". Those were documented. Those were obvious.

The Missing Link

But there was a third setting, never mentioned in any trouble-shooting guide, blog post, or Stack Overflow answer I saw:

{
    "visual": {
        "icons": true,
        "enableSixels": true
    },
    "experimentalFeatures": {
        "richOutput": true
    }
}

The enableSixels property is the linchpin. Without it, winget has no instruction to emit sixel graphics — even though Windows Terminal can render them and the server has the icon data ready to go. The "icons": true setting enables icon support but not the sixel encoding. Two switches that sound like they do the same thing. They don’t. One says “I would like icons, please.” The other says “Here is how you shall deliver them.” You need both.

After adding that one property and restarting Windows Terminal, I ran winget list --details and watched 140 packages scroll by — nearly every single one adorned with its sixel-rendered icon. The 7-Zip logo in crisp black and white. CPU-Z’s purple microchip. Discord’s round blue glyph. Firefox’s fox-wrapped globe. Every package, every icon, rendered inline in the terminal like it’s the future and we should be grateful.

The bloody icons were alive.

The Anatomy of the Fix

Now that the confetti has settled, let’s look at the tripod that had to be in place simultaneously. This is the part I wish I’d understood three weeks earlier, though I suspect I needed the seven-layer pilgrimage to truly appreciate it.

Piece 1: Windows Terminal 1.24+.

The terminal renders sixel graphics inline. This capability has been built in since v1.22 and is enabled by default — no special settings required. It was never the bottleneck. It was the one component that worked perfectly from the start, sitting there patiently while I blamed everything else.

Piece 2: Winget v1.29.70-preview.

This is the version that emits sixel graphics and has the stable list --details command. The older preview I’d been testing with (v1.29.50) could show the winget banner icon — the little “W” logo that appears when you run certain commands — but didn’t reliably render package-level icons. The distinction matters: seeing the banner icon confirmed that sixel rendering could work but didn’t tell me why individual package icons weren’t appearing.

Piece 3: The winget settings file with enableSixels: true

The missing piece. The hidden toggle. The one ring. This tells winget to actually encode icons as sixel graphics in its terminal output. Sans this setting, winget sends plain text — even if the terminal is sixel-capable, even if the icon data exists, even if you’ve set "icons": true and crossed every finger you have.

Behind the scenes, the icons aren’t stored in the YAML package manifests on the winget-pkgs GitHub repository. They’re auto-extracted server-side from installer executables during the validation pipeline, then compiled into the compressed index that winget downloads during source updates. This extraction process was enabled in late 2024, which means the icon data has been quietly accumulating in the index for months — waiting for someone to flip the switch that tells winget to actually use it.

Component What It Does Was It the Problem?
Windows Terminal 1.24+ Renders sixel graphics inline No — already working
Winget v1.29.70-preview Emits sixel graphics for package icons Partially — needed updating
enableSixels: true Tells winget to encode icons as sixels YES — the missing piece
Server-side icon index Auto-extracted icons in compressed index No — already populated

The Red Herrings

No investigation worth its salt is complete without a few false trails, and this one had its share. Early tests with the --name filter — for example, winget list --details --name "Windows Terminal" showed no icons, which sent me chasing theories about manifest coverage and incomplete icon databases. Were some packages missing icon data? Were MSIX-packaged apps excluded from the server-side extraction?

I went spelunking through GitHub discussions suggesting that the extraction pipeline didn’t work for all installer types. It turns out the terminal session needed a restart after changing the settings file. The filter works fine. The icons were there. I was looking at stale output and drawing conclusions from it, which is the troubleshooting equivalent of reading yesterday’s weather forecast and complaining that the meteorologist lied.

Another false trail: the winget show command. It doesn’t display package icons — never has, apparently isn’t designed to. The icon rendering is exclusive to list --details. If you’re testing with the wrong command surface, you’ll produce the same old plain text and conclude nothing has changed.

I lost about thirty minutes to this particular detour before Copilot gently suggested I might be looking in the wrong room. And those concerns about MSIX-packaged apps lacking icon data? Unfounded. Many of my 140 packages — exe installers, MSIX bundles, and everything in between — had their icons. The extraction pipeline is, apparently, less picky than the GitHub discussions led me to believe.

What I Learned

The seven-layer expedition that ended in “the feature doesn’t exist” wasn’t wasted. I want to be clear about that, because it would be easy to read this post as “I spent eight hours troubleshooting something that required three steps” and conclude that the eight hours were pointless. They weren’t. Every dead end eliminated a variable. Every layer confirmed a component was healthy.

The mental model of the winget architecture, starting from the CLI surface through the App Installer framework, down through the WinUI and VCLibs underpinnings, all the way to the terminal’s rendering pipeline paid real dividends when it came time to identify the actual fix. I knew exactly where the gap was because I’d already verified everything else.

The actual lesson is subtler than the original post’s triumphantly grim “sometimes the feature doesn’t exist yet.” The revised lesson: sometimes the feature does exist, but it’s hiding behind a toggle that isn’t documented in any obvious place. The enableSixels setting isn’t prominently featured in winget’s help text. It’s not in the release notes, at least not in any section I found. Not on the GitHub wiki’s settings reference page, either. It’s the kind of setting you’d only discover by reading source code diffs, stumbling across a buried comment in a pull request, or having a very persistent collaborator who doesn’t get tired and doesn’t get discouraged.

Troubleshooting Two-Step

There’s a broader point here for fellow troubleshooters, and it’s one I plan to tattoo on my forearm in a readable monospaced font: when you’ve eliminated every plausible explanation and concluded something is impossible, put a pin in that conclusion. Don’t throw away your work — it’s still valid diagnostic groundwork.

Then, revisit the question when the software updates. Your seven-layer foundation didn’t disappear. The components you verified are still verified. The answer might be one release and one hidden toggle away, waiting for you to come back with fresh eyes and a slightly different search query. And maybe, just maybe, bring a collaborator who doesn’t share your blind spots.

Closing

The icons have arrived. Not “sometime.” Nor “in a future release.” Not “probably, if you squint at the right preview build.” Now. Lots of them, rendering in full sixel graphics in Windows Terminal, each one auto-extracted from its installer binary and compiled into the winget index by Microsoft’s servers. The pipeline that the original post said didn’t exist? It existed all along — it just needed one bloody toggle to turn it on.

I’m no longer reading plain text like it’s 1985. And I’m liking that just fine. Here in Windows-World, that’s cause for celebration. Hold my beer…

Facebooklinkedin
Facebooklinkedin

Dude, Where’s My Icons?

I just spent a couple of frustrating but informative hours trying to get icons to show up with WinGet on the latest Canary build (29558.1000). What started out as a minor visual quirk turned into a deep dive into the innards for App Installer, feature flags, and system-level packages. I’ll provide a step-by-step list of what I did, what I learned, and what others running Canary builds should know. At this point I’m still asking “Dude, where’s my icons?” for WinGet output. But I now know I won’t see them any time soon. I’ll explain…

Steps in Resolving “Dude, Where’s My Icons?”

The first step was to verify the WinGet version and its capabilities. Running winget –info revealed I was on version 1.29.50-preview. Notably, that output lacked usual capability lines including VT Support or Rich Output. That was my first clue that something wasn’t quite right.

Next, I visited the Microsoft Store. I navigated directly to the App Installer product page using the canonical link. The Store offered an Install button. When I clicked same, I expected it to overwrite the preview build with the stable version. After installation, the Store indeed reported the app as Installed. It lied!

I then closed all terminal sessions and opened a fresh CMD tab to recheck winget –info. Unfortunately, the version remained 1.29.50-preview. Worse still, the missing icon issue persisted. To investigate further, I ran PowerShell as Administrator and executed Get-AppxPackage Microsoft.DesktopAppInstaller -AllUsers. The output showed only one package: version 1.29.50.0, marked as NonRemovable. Was I stuck?

Yes, I Was Stuck…

The crux of the matter rests on how Canary builds handle App Installer. On these builds, the preview version of App Installer is baked into the OS image. Indeed, it’s registered as a system-level package. Because it is marked NonRemovable, neither the Microsoft Store nor PowerShell can uninstall or override it. That explains why even though the Store shows the stable App Installer as Installed, Windows continues to use the preview version.

Yep, sez right at bottom: NonRemovable: True

This locked-in preview build lacks support for feature flags like Visual Icons and Rich Output. Alas, their lack also explains the missing icon column in WinGet output. No attempts at reinstalling, resetting, or tweaking settings.json can override this limitation. Stuck indeed.

Note: the lead-in graphic for this story comes from the Build 29558.1000 announcement blog. I can see that damnable delectable icon there in the posting, but I’ll be darned if I can make it show up on my Canary install. Go figure!

 

 

Facebooklinkedin
Facebooklinkedin

Magician Internal Updater Lags Behind

I have to chuckle. In making my morning rounds, I see at TechPowerUp.com that there’s a new version of Samsung Magician out — namely, 9.0.1. So I jump into Magician and check its internal updater, which tells me I’ve got the latest version: 9.0.0. Alas, as Copilot tells me, it’s not unusual for the utility to do this. Indeed, as a matter of observed practice, the Magician internal updater lags behind Samsung’s software release schedule. It’s all laid out in the lead-in graphic. Let’s explore…

Why Magician Internal Updater Lags Behind

Apparently, Samsung waits until a new release has been out for some while before updating its xml-based manifest to make it known to the Magician updater through its update servers. According to Copilot, Samsung has been ill-served during previous release cycles by “buggy Magician releases,” “firmware-pushing issues,” “NVMe driver conflicts,” and so forth.

Thus, the company releases the new software first through public channels such as TechPowerUp, MajorGeeks, SoftPedia and other file-sharing sites. It then watches user responses from early adopters for up to a few days, and sees what the uptake and reactions are like. It’s not unusual for the manifest to lag behind by hours or days.

As you can see from the lead-in graphic, 9.0.1 was released today (3/30/2026). So it could be later today,  tomorrow, or even later this week before the built-in updater catches up. Unless Samsung pulls 9.0.1 back and decides to push out another, hopefully better release later on.

Here in Windows-World, the release paths for software often tell a story. The one for Samsung Magician is pretty interesting, and shows the value of lessons learned from prior history. You might say “Better later than sooner, especially if problems present!”

Note Added 2.5 Hrs Later: It’s Here!

Reading over ElevenForums traffic in the Devices & Drivers forum just now, saw a user report that Magician is offering 9.0.1 now. Just checked here and — there it is! Installing now, and glad to see it was a matter of hours, not days (or a pullback, either).

Works, too! Looks like we get to do things the easy way this time.

Facebooklinkedin
Facebooklinkedin

Reverse DNS Lookup Reveals Router Change

I’m pretty fond of the free network scanning tool named Advanced IP Scanner. It’s much more predictable and reliable than the Network facility built into File Explorer. It also makes it easy to do stuff to and over the network. I’ve been noticing on my LAN recently that an increasing number of PCs (and other devices) get DHCP names that end in “.lan” (see the lead-in graphic for more info). So I used a PowerShell script to do a reverse DNS lookup to double-check this. And indeed, this reverse DNS lookup reveals router change in my SAC2V1A Spectrum-supplied router. Looks like it got a recent firmware upgrade that changed its DNS/DHCP behaviors.

How Reverse DNS Lookup Reveals Router Change

I created a PowerShell script to talk to the router and give me DHCP names for all of the nodes it handles, using the ARP (address resolution protocol) as my foundation. If you look at this WinTerm screencap, the pattern is unmistakable:

I forcibly used ARP to drive reverse DNS lookups (from IP address to name from the router’s name table) for all active IP addresses. Notice that every single name here ends with the “.lan” suffix. That tells me Spectrum pushed a firmware update to the box, because it didn’t used to do that consistently for all items.

Why Advanced IP Scanner Shows Some Unadorned Names?

Advanced IP Scanner uses multiple techniques to resolve IP addresses to names. Among this is the NetBIOS Name Service (NBNS), Link-Local Multicast Name Resolution (LLMNR), Multicast DNS (mDNS), SMB/NetBIOS over TCP, and Reverse DNS (PTR lookup). Some or all of these return bare machine names, lacking the .lan suffix. As far as I can, whichever of these lookups responds first is the one that makes it to the name table. And that’s why Advanced IP Scanner shows different name strings than does my script.

Weird and wonderful are the ways of Windows-World. And few are anywhere near as weird, or as wonderful, as the ones that make name resolution work on Windows networks. QED!

Facebooklinkedin
Facebooklinkedin

WinGet Versions May Affect Installs

I just saw something interesting running WinGet on multiple PCs here at Chez Tittel. On my production desktop (Flo6) running production Winget (Version 1.27.470.0) a Teams update just failed with error message “…system cannot find … file specified (0x80070002).” On my Canary test system (X12Hybrid) running preview Winget (Version 1.29.30.0) that very same update succeeded. Inevitable conclusion: WinGet version may affect installs and updates, including success or failure. Who knew? Let’s discuss…

Why WinGet Versions May Affect Installs

Copilot confirms my suspicion that version differences sometimes affect update or install behavior. It says (and I concur) “some WinGet releases and App installer builds handle extraction and temp paths differently; newer/older builds can succeed where others fail.” Isn’t that strange — but typical — for Windows stuff anyway?

Fortunately, the in-app updater in Teams popped up as soon as I opened the app up. It, at least, was able to update itself successfully. So I applied the old principle: if you can’t do it one way, try another, and got past this hurdle anyway.

Is It a Version, or an Instance?

Then I went looking at my other production level PCs here at Chez Tittel. I looked at 4 other machines in my office all running Windows 25H2 Build 26200.8037 (latest production build). None threw the same error, though all are on the same Windows, Winget and Terminal versions. Interesting! My other production machines, however, did post this warning (in yellow) after the Teams update:
“Successfully installed. Restart the application to complete the upgrade.” (That warning does not appear in the lead-in graphic, which comes from a preview WinGet version instead.)

I’m left with no choice to conclude that it’s the configuration of the particular machine (Flo6) that’s somehow suffering or different. Based on what Copilot told me, it’s likely a PATH issue of some kind. As the old Internet adage goes so well for Windows: YMMV. Indeed, it just did!

Facebooklinkedin
Facebooklinkedin

Build 26220.8062 Settings Integrates RPs

Last Friday, MS released a new Beta Channel build to Insiders. In these insider previews, things of interest do pop up from time to time. Methinks one particular new capability in that release will interest readers. Namely, Build 26220.8062 Settings integrates RPs (Note: I abbreviated Restore Points as RPs here, for brevity). You can see what this looks like in the lead-in screencap. This is fascinating, and I’ll tell you why…

What’s Noteworthy, as Settings Integrates RPs in Build 26220.8062?

Over the past decade, MS has been surely moving functions from Control Panel to Settings. While that pace has been glacial, this marks major movement in that long-persisting icecap. You used to have to work through the “System Protection” tab in the System Properties Control Panel item to handle restore point status and access. No more. As the lead-in graphic shows, it’s now integrated into Settings > Recovery. And there’s more…

If you click the “View or edit” (Restore Points) button at the right of the “Point-in-time restore” item shown above, you’ll get a sub-menu that lets you:

  • Turn RP capture on or off
  • Manage RP frequency (default is “Every 24 hours”)
  • Manage RP retention (default is 72 hours)
  • Fix restore point disk usage
  • Access a list of available restore points (with time stamps)

Here’s that that looks like on my X380 Yoga test PC:

From what I can tell, the upgrade turns RPs on by default. Notice they already consume 7GB of disk space.

This is a major shift in Windows functionality. I checked and the old standby — easily run as SystemPropertiesProtection.exe — remains available in this build. I guess MS will offer them side-by-side for a while as is their usual practice.

Big doings in this latest Beta release. Nice to see another big chunk of Control Panel capability make its way into Settings. Here in Windows-World, that counts as “real news:” now you know!

Facebooklinkedin
Facebooklinkedin

ASUS Router Triggers Security Review

In reading ARS Technica, I couldn’t help but observe that a major exploit around the KadNap is hitting ASUS routers around the world. “Hmmm,” I thought to myself, “Don’t I have one of those?” Indeed I do. But I’m pleased to report that it’s operating in AP-only mode, has the most current firmware available, and not susceptible to drive-by or external attack. Given how many similar devices have been pwned, I’m happy that when ASUS router triggers security review, the overall results are positive. Or at least, not overly scary…

ASUS Router Triggers Security Review:
Now What?

I couldn’t help but notice I bought this device back in 2018. It’s definitely past the “age of replacement!” So now, I’m looking around for something else to take its place. Copilot recommends multi-node mesh devices, but they’d have to integrate built-in switch capability with 2 or more additional RJ-45 ports to be worth installing.

Good news! Many models for Wi-Fi 6E and 7 include two or more 2.5 GbE ports. That lets me use existing RJ-45 wallplates to accommodate them, and lets me retain connectivity to already-present wired devices. Sounds like a plan!

Now all I have to do is come up with the funding. Here in Windows-World, where’s there’s a will — and the money — there’s almost always a way. I’ll add this to my “to buy, and to do” list!

 

Facebooklinkedin
Facebooklinkedin

DDU Fixes GPU Driver Disasters

Today’s blog post is a paean to a tool named Display Driver Uninstaller, popularly known as DDU. It’s long been part of most Windows admin and power user toolboxes. DDU comes from Wagnardsoft, but well-known 3rd-party mirrors also include Guru3D and TechPowerUp. DDU remains a useful tool at completely replacing GPU drivers and their Windows infrastructure when graphics go wrong. It’s also a great way to switch from one GPU type to another. Say, from NVIDIA to AMD, or vice-versa, or even from one of them to Intel ARC. TL;DR version: DDU fixes GPU driver disasters and lets you switch types with little muss or fuss.

Why Say: DDU Fixes GPU Driver Disasters?

Over the past 9 days, we’ve seen an unusually fast series of NVIDIA Game-Ready GPU drivers (with one evanescent Studio driver on February 26). That Thursday saw both versions make an appearance that provoked immediate issues and outcry; version 595.59 was withdrawn less than two hours after its release.

Then on Monday, March 2, NVIDIA fired off Game-Ready version 595.71. Users soon began reporting diminished performance from this driver (especially for certain, GPU-intensive games). Further inspection (using tools like GPU-Z) observed that it imposed voltage caps on RTX 50-series GPUs to limit damage potential. At the time, I wondered if this wasn’t like putting “chewing gum on top of baling wire” to fix things.

On March 4, 2026 (Wednesday), NVIDIA dropped a hotfix to address these issues, in the form of 595.76. It addressed the voltage capping, and a variety of other game-specific glitches and gotchas. Since then, things on the NVIDIA Game-Ready driver front are steady, if somewhat uneasy. This is the first time in YEARS that the company has had two unstable Windows Hardware Quality Labs (WHQL) designated drivers follow in quick succcession.

Rollback Versus Deep Cleanup

So far, users have been able to recover from these updates without lingering issues. In the past, GPU driver glitches have resulted in black or stuttering screens, serious and ongoing display disturbances (aka “screen artifacts”), driver store damage, or bothersome system or GPU installer instability or crashing. When those things happen, that’s when DDU comes into its own. It cleans up all of the old GPU driver stuff and gets rid of whatever’s causing problems, then lays down a brand-new, clean and (hopefully) reliable replacement runtime to get your GPU(s) working properly once again. Hopefully, it’s obvious this capability also makes DDU excel at “out with the old, in with the new” actions when switching from one GPU type to another.

Did the recent NVIDIA debacle call for DDU? No it did not. I personally observed that the rollback facility in Device Manager took my system back from 595.59 to 591.74 (Studio). Other users have consistently reported that Game-Ready drivers also rolled back successfully as well (591.86 in most cases).

Even though this latest spate of Game-Ready drivers has caused some commotion, it hasn’t seemed to cause much need for DDU. Not this time around, anyway. But it’s good to know that DDU is out there should you need it. Or should you be switching from one GPU type to another. Here in Windows-World it’s better to have such tools and not need them, than to need them and not have them!

Facebooklinkedin
Facebooklinkedin

Web Extensions Stymie Input

While trying to conduct a cash transfer online yesterday, I ran into an interesting — and new (to me, anyway) — problem. In attempting to provide account and identity information I found myself unable to enter data into the very input form that was soliciting same. “Hmmm,” I wondered to myself, “Why is this not working?” So I decided to ask Copilot. It immediately informed me that things such as auto-fill. password managers, and related “conveniences” can step all over input fields inside certain web pages. The TL;DR diagnosis, put succinctly, is some Web extensions stymie input.

Copilot recommended that I open an incognito window, and try again. Guess what? That worked like a champ!

Why Web Extensions Stymie Input — In Some Cases

In my case it looked like a combination of Chrome auto-fill and the Norton Password Manager were conspiring against the input page to prevent it from seeing and handling my input as it should. As soon as I got those things out of the way, the input problems disappeared.

I’ve been building websites and writing about markup languages for over 30 years now, and this is the first time I’ve run into this phenom. Apparently I’ve been incredibly lucky, because it happens on a lot of websites, especially those built to handle multiple languages and character sets. It just so happens this particular gotcha never bit me until yesterday, when it bit hard (and drove me just a  tad bonkers).

KISS Remains a Valuable Approach to New/Unfamiliar APIs

KISS is, of course, the acronym for “Keep It Simple, Stupid!” It’s a good approach to keep in mind when working with new and unfamiliar apps, user interfaces, and the code beneath those skins. By simplifying the text handling the browser performed when providing input, I allowed the target web page to do its job without lots of other stuff going on in the background.

A simple, straightforward text entry environment let the web page accept input straight from my keyboard, with no extra processing or data delivery. Apparently, that was just what it wanted or needed to get the job done.

Here in Windows-World, not stepping on yourself is often the key to a successful user experience. Once my browser got itself out of the way, the web page was able to take it from there. I’ll count that as an unqualified success, and an interesting learning experience.

Facebooklinkedin
Facebooklinkedin

Sysmon Lands in Windows 11 Beta

Lots of Windows nerds have spent years bolting Sysinternals’ Sysmon into every PC we work on. For them — and me — the latest Windows 11 Beta build (26220.7752) brings a welcome surprise: Sysmon is now a built-in optional feature. That’s right — no more downloading, unzipping, or scripting installs from Sysinternals. No need to run its handy web-based version, either. Microsoft has quietly slipped this powerful tool into the OS itself, and it’s ready to roll with some simple PowerShell commands.

What Sysmon Lands in Windows 11 Beta Means

Sysmon (System Monitor) has long been a staple in toolkits for security pros, blue teamers, and forensic analysts. It provides deep visibility into system activity — process creation, network connections, file writes, registry changes, and more. Until now, deploying Sysmon meant managing binaries and XML configuration files. With its inclusion as a Windows Optional Feature, Sysmon becomes easier to deploy, update, and manage across PC fleets.

PowerShell: Enable and Install Sysmon

To enable the built-in Sysmon feature from Windows itself, and then start monitoring stuff, run these two commands:

Enable-WindowsOptionalFeature -Online -FeatureName Sysmon
sysmon -i

In case it’s not obvious, the first command enables the Sysmon feature; the second installs it, ready for use.

Quick Peek: View Sysmon Events

Here’s a PowerShell one-liner that shows the 25 most recent Sysmon events.  Gives a taste of how it works and what it shows:

Get-WinEvent -LogName “Microsoft-Windows-Sysmon/Operational” -MaxEvents 25 | Format-Table -AutoSize

Unless your PC is acting up or ill, sysmon mostly shows process creation and termination (like here).

What Sysmon Illuminates

Sysmon shines brightest when you need to understand what’s really happening under the hood in Windows. It logs detailed info about process creation, including parent-child relationships, command-line arguments, and DLLs loaded. Sysmon captures network connections with source and destination IPs, ports, and process IDs. It can even detect code injections, image loads, and registry modifications. With a well-tuned configuration, Sysmon becomes a forensic goldmine. It’s like a time machine for system activity. Properly used, it can help you trace malware behavior, insider threats, and suspicious persistence mechanisms.

Adding Sysmon Into the Mix Is Good!

The integration of Sysmon into Windows 11 Beta is a quiet but powerful shift. It signals Microsoft’s growing commitment to built-in security observability and makes it easier than ever to deploy advanced monitoring at scale. For IT pros and security teams, this is a win. If you’re running a Beta build, it’s time to fire up PowerShell, flip the switch, and start watching your system like never before.

Showcasing Sysmon in Action

Sysmon’s long history in the Windows ecosystem is best illustrated through several well‑known case studies that show how deeply it illuminates system behavior. Both cases listed below not only show Sysmon’s diagnostic power but also its ability to reveal subtle, causal relationships that define complex system activity.

  • Mark Russinovich – Case of My Mom’s Chronically Infected PC: A classic Sysinternals investigation where Sysmon and related tools helped uncover persistent malware reinfection patterns. [URL is 404, look for episode 108 through the WayBack Machine {checked}]
  • License to Kill: Malware Hunting with the Sysinternals Tools (2021): In this case study, Mark Russinovich demonstrates how Sysmon’s detailed process‑creation and network‑connection telemetry exposes true behavior of a persistently compromised system that traditional antivirus repeatedly missed. By correlating Sysmon events with suspicious activity patterns, he shows how threat hunters can reconstruct attacker techniques, identify persistence mechanisms, and ultimately eradicate deeply embedded malware.

Together, these cases demonstrate Sysmon’s unique strengths: high‑fidelity process creation logging, deep visibility into network connections, precise registry and file‑system monitoring, and the ability to reconstruct causal chains that ordinary Windows logs simply cannot express. Whether used for diagnostics, security investigations, or system forensics, Sysmon remains one of the most powerful visibility tools available on Windows.

And that, dear readers, is why Sysmon is already well-regarded in Windows-World. That’s ultimately what makes it a amazing addition to the collection of built-in Windows features.

Facebooklinkedin
Facebooklinkedin