All posts by Ed Tittel

Full-time freelance writer, researcher and occasional expert witness, I specialize in Windows operating systems, information security, markup languages, and Web development tools and environments. I blog for numerous Websites, still write (or revise) the occasional book, and write lots of articles, white papers, tech briefs, and so forth.

Pondering Windows Experience Pack Updates

I’m still at the point where it’s all sinking in. Thus, I read with interest at WindowsLatest this morning that “Microsoft is testing another new Windows 10 Experience Pack update.” I went to check update history on one of my Release Preview machines (the Surface Pro 3). And sure enough, I see a corresponding update to match the Experience Pack version info from Settings → System → About shown in the lead-in graphic. That’s got me pondering Windows Experience Pack updates in general, and hoping we’ll see them put to work for something more … err … substantial that screencap tweaks in the near future.

Pondering Windows Experience Pack Updates.update-history

While Pondering Windows Experience Pack Updates, I Hope for More Action

Once I learned that KB4601906 was in the picture for this change, I jumped first to the Microsoft Catalog to see if it was there. No such luck. Likewise, as is often the case, a search on KB4601906 through Google turns up lots of third-party hits, but nothing from MS itself. Clicking on the link in update history, however, is another story. That gets me to an MS Support item named January 12, 2021—KB4598242 (OS Builds 19041.746 and 19042.746). That takes me to a blurb on the wrong Knowledge Base article. A direct search for “KB4601906” at MS Support turns up … nada.

Of course, I learned what I could from WindowsLatest and other similar items from TenForums and other places. @Brink reproduces the Windows Insider blog item that finally sheds a little light on the subject. In that item, Brandon LeBlanc says

We are improving the reliability of screen snipping experience, especially with apps that access the clipboard often.

More importantly, near the end of his post, he goes on to say

…we are testing this new process out with Insiders to deliver new feature improvements to customers outside of major Windows 10 feature updates. Right now, we are starting out with a really scoped set of features and improvements. Over time, we hope to expand the scope and the frequency of releases in the future.

No News Is … No News

I get it now, and think I already understood this. MS is working with the Windows Experience Pack as a way to deliver new feature improvements without resorting to a semi-annual feature upgrade. They’re still testing and haven’t done anything serious or significant with this yet. But they will, someday. Soon, I hope. Stay tuned!

 

Facebooklinkedin
Facebooklinkedin

Insane GPU Prices Make Recycling Old Tech Sensible

It’s time for me to refresh my desktop PC. The old motherboard runs a Z170 chipset with a Skylake I7-6700 processor. The former made its debut in August 2015 and the latter one month later. If memory serves, I built this machine in mid-2016. That makes the technology more than 5 years old, and the PC closing in fast on that age. I’ve been planning a new build for a while now. I just went back to check parts prices. For me, given a still working Nvidia GTX 1070 card in the current build,  today’s insane GPU prices make recycling old tech sensible.

What Insane GPU Prices Make Recycling Old Tech Sensible?

If memory serves, I paid around US$500 for my GPU when I bought it over 5 years ago. Guess what? That same card costs costs US$500 now! A more modern Nvidia 2070 card goes for around US$1,000. And the latest generation, top-of-the-line 3080 cards cost US$1,800 and up. I’m serious: these prices are really nuts!

Wait and See Is All I Can Do

I’d already planned to re-use my case. Other items in my planned bill of materials include a Ryzen 5 5600X 6-core CPU (US$420), Noctua NH-U12A cooler (US$150), MSI Meg X570 Unify mobo (US$400), 32GB (2×16) DDR4-3200 (US$155), 2xSabrent PCie 4.0 M.2 1 TB SSD (US$340), and a Seasonic Platinum PX-850W PSU (US$170). Total price, sans GPU: US$1,635. That’s more than I spent on my last build, but includes two fast, sizable SSDs and a beefier power supply.

As for a new GPU, it’s on hold until prices come down. I can live with the 1070 GTX until 2070/3070 prices recede from 4 figures. Or, I can wait for a windfall — or a wild hair — and take the plunge at another time. There’s no hurry.

For the moment, I can really and truly assert once again that current GPU prices are just crazy. Sigh. It’s always something, right?

Facebooklinkedin
Facebooklinkedin

TreeSize Offers Valuable System Volume Information Insight

The JAM Software program TreeSize is a great visualization tool for examining (and pruning) Windows disks. For those disinclined to buy a full-blown copy, the TreeSize Free version (shown in this story’s screencaps) will suffice. These days, in fact, I recommend TreeSize over the older Open Source WinDirStat project. Both provide colorful, easy-to-read tree map diagrams for disk space consumption. But WinDirStat hasn’t been updated since 2016, and JAM is keeping up with TreeSize in all of its current manifestations. Certainly, there’s no disputing that TreeSize offers valuable System Volume Information Insight.

And, in fact, WinDirStat doesn’t shed much light on the contents of the System Volume Information (SVI) folder found in every NTFS volume. TreeSize, OTOH, tells you quite a bit about where the space in that folder is going and can help guide at least one easy clean-up maneuver.

In the paragraphs that follow, I’m going to follow up on my January 13  “restore point failure” story. In this story, I’ll show both before and after screenshots (in reverse order).  The lead-in graphic for this story shows what a pared-down 2.2 GB SVI folder looks like. It’s the “after” shot, taken after I turned off restore points on my production PC and instructed the System Protection control panel widget to delete all existing restore points. Why keep them if you don’t plan to use them ever again? Gone!

The next screenshot shows the “before” state for that folder. Note its size is 13.8 GB and the primary items shown are all restore points ranging from 3.1 to 2.5 GB in size. Deleting them reduced the size of this folder by 11.6 GB — a pretty substantial disk space reclamation.

TreeSize Offers Valuable System Volume Information Insight.before-restore-point-delete

Pretty much all you can see in this before SVI shot is a handful of BIG restore point files.
[Click image for full-sized view]

How TreeSize Offers Valuable System Volume Information Insight

Simply put, TreeSize makes file and folder information available for the contents of the SVI folder. Digging into the “after” display, one can mouseover any item therein. This provokes an information display a couple of seconds later. This appears as a pop-up windows that provides information including Name, Full Path, Size, Allocated, % of Parent allocated, Files (count), Last modification timestamp, Last accessed timestamp, and more. This information is quite informative and can be helpful.

In looking at the “after” shot at the head of this story, you can see that SVI includes folders for a variety of MS apps, Office.OneNote, Windows Photos, Skype, Office.Sway, and a whole bunch more. I’ve never seen this level of detail for SVI before. You can even zoom in on individual items to see what’s inside them, if you like.

IMO, TreeSize Free is a great tool for all kinds of uses. In this case, I’m glad that it confirms significant space savings thanks to turning off restore points and deleting existing saved restore points. Good stuff!

Facebooklinkedin
Facebooklinkedin

19043 aka 20H1 Early Tryout How-to

Here’s an interesting experiment for those with a spare test machine handy.  Note that this machine must run Insider Preview Beta or Release Preview Channel Build 19042.782 with KB4598291 installed. I found a handy collection of DISM commands from poster “moinmoin” at DeskModder.de. If run in an administrative Command Prompt or PowerShell session, the PC will advance to 21H1, as shown in the lead-in graphic for this story. It serves, therefore, as a 19043 aka 20H1 early tryout how-to for adventurous insiders.

Working Through 19043 aka 20H1 Early Tryout How-to

Essentially, the following sequence of commands does piecemeal what a full-blown enablement package does behind the scenes. In fact, DISM runs a series of .mum files, which are XML files that provide instructions to the Windows Update Installer for performing specific updates. Honestly, I’m not sure how “moinmoin” figured this sequence out. I’m guesssing he worked from analysis of other, earlier enablement packages. But that sequence worked on my Lenovo X380 Yoga test machine, which had been running 19042.782 for a few days.

Please, look below for the sequence of commands. Warning: Those using German versions of Windows should get them from the original post. I’ll provide instructions on how to modify the command text for other languages afterward. It’s safe to assemble, then cut’n’paste these commands one at a time in PowerShell. That’s how I “upgraded” my Lenovo test PC, in fact.

Putting DISM Commands together

In fact, all these commands start with same master prefix string. Simply append the other sub-strings and fire them off at the command line to do your thing.

That master prefix string is:

Dism /Online /Add-package:C:\Windows\servicing\Packages\

The 8 suffix strings are (do not grab the numbers and the period that follows them — they’re to help you find stuff, not for command-line use):

1.microsoft-windows-product-data-21h1-ekb-package~31bf3856ad364e35~amd64~~10.0.19041.782.mum
2.microsoft-windows-product-data-21h1-ekb-package~31bf3856ad364e35~amd64~en-US~10.0.19041.782.mum
3.microsoft-windows-product-data-21h1-ekb-wrapper-package~31bf3856ad364e35~amd64~~10.0.19041.782.mum
4.microsoft-windows-product-data-21h1-ekb-wrapper-package~31bf3856ad364e35~amd64~en-US~10.0.19041.782.mum
5.microsoft-windows-updatetargeting-clientos-21h1-ekb-package~31bf3856ad364e35~amd64~~10.0.19041.782.mum
6.microsoft-windows-updatetargeting-clientos-21h1-ekb-package~31bf3856ad364e35~amd64~en-US~10.0.19041.782.mum
7.microsoft-windows-updatetargeting-clientos-21h1-ekb-wrapper-package~31bf3856ad364e35~amd64~~10.0.19041.782.mum
8.microsoft-windows-updatetargeting-clientos-21h1-ekb-wrapper-package~31bf3856ad364e35~amd64~en-US~10.0.19041.782.mum

Even for German (and other languages) the first command above stays the same. The German version of the second command above reads

Dism /Online /Add-package:C:\Windows\servicing\Packages\microsoft-windows-product-data-21h1-ekb-package~31bf3856ad364e35~amd64~de-DE~10.0.19041.782.mum

Note that the bolded language code for German German de-DE is embedded near the end of the string. To invoke the proper files for other languages substitute your language code where it appears. For example, a French speaker in France would use fr-FR, and a French speaker in Belgium fr-BE, and so forth. This applies to elements 2-8 for all languages, and is performed using string substitution on the German language version of the commands.

Necessary Precautions Beforehand

It’s probably wise to make a backup of your test PC’s OS image before you try this sequence of commands out. Also, make sure you have a working, bootable USB flash drive from which you can restore that backup. That way, should the worst happen, and your PC get bricked by the updates, you can boot to the UFD and restore the backup without too much muss, fuss, or lost time. Just because it worked on my Lenovo X380 Yoga doesn’t mean it will also work on your test PC. Better to have the backup and restore tools and not need them, than to not have them and suffer from their absence. Enjoy!

Facebooklinkedin
Facebooklinkedin

Build 19043 Becomes Likely 21H1 Candidate

The rumors started flying yesterday, first at WindowsLatest. But I couldn’t find evidence through the data they provided to back that up in the Windows registry. Then, this morning Sergey Tkachenko at WinAero.com came out with some more tangible proof in the form of registry key/value names to demonstrate that 21H1 action is afoot. I’m now inclined to agree that Build 19043 becomes likely 21H1 candidate for a Spring release.

Strong Hints Mean Build 19043 Becomes Likely 21H1 Candidate

In his story, Tkachenko proposes a string value  of Microsoft-UpdateTargeting-ClientOS vb_release_svc_prod3 10.0.19043.782 for an ultimate value of the Microsoft-Windows-21h1Enablement key. Just for grins, I searched on that value, and found nothing like it in either of my Release Preview (Build 19042.782) test machines.

Careful reading of his post leads me to  this analysis. Because 19041 became 20H1 and 19042 20H2, he’s guessing that 19043  matches up to 21H1. But so far, I’ve seen no hard evidence to support this assumption. That said, I do believe he may be right. I’ve seen nothing whatsoever to contradict equating 19043 with 21H2, either. And indeed, it is shared by many other Windows followers online.

How Much Longer Before We Know?

If you believe poster “moinmoin” at WindowsModder.de, an enablement package could appear as soon a next Patch Tuesday (February 9).  And if not then, he says, surely on or before the following Patch Tuesday (March 9).

It all depends on how this latest Release Preview update goes within the Insider Preview population that downloads and uses KB4598242. This test of the enablement package’s stability and usability, based on telemetry from its installers, could have a major impact on when 21H1 sees the light of day. If things go well, and no major issues or errors manifest, then sooner. If contrariwise, then later. We’ll see!

[NOTE}: To get the complete details on the Registry information from the lead-in photo from this story, right-click that image and select “View Image” (Firefox). Or, use your browser’s syntax to view the image by itself. Then you can read the values on-screen. HTH.

OK, Then: It’s Settled (January 24, 2021)

Thanks to a sequence of DISM commands that German-speaking Windows wizard “moinmoin” has shared at DeskModder.de, we now know how to “upgrade” PCs running Insider Beta or Release Preview channel build 19042.782 (or higher, presumably). I share all those details in a new article here entitled 19043 aka 20H1 Early Try-out How-to. I’d have to say this locks in the 19043/20H1 nomenclature conclusively, unless MS introduces a seismic shift in naming conventions between now and when 21H1 goes public.

Facebooklinkedin
Facebooklinkedin

Using Windows 10 Generic Keys

Sometimes, a Windows 10 PC requires a clean install. It might be because of disk failure or corruption, malware infestation, or any of a host of other good reasons. As long as Microsoft’s Activation servers (or your own KMS) recognize that PC, you needn’t worry about finding or obtaining a valid OS key. Instead, if prompted to supply a key during the install process, you can furnish a published generic key for your chosen Windows version. Using Windows 10 generic keys is perfectly OK, as long as MS already knows you have a valid license.

When Using Windows 10 Generic Keys, Use These!

You can find generic Windows 10 keys in many places with a simple search. I like the list at TenForums, because it’s simple and comprehensive. It also comes in the context of a peachy list of tutorials that explain how and when to use keys correctly. The lead-in graphic for this story is a snippet from its generic key table. That tutorial is named List of Generic Product Keys to Install Windows 10 Editions. Worth bookmarking, it tells you (or points you at) nearly everything you need to know about working with generic keys.

Note: KMS stands for Key Management Server, a Windows Server role that plays out in many enterprise or campus environments. That’s because those kinds of outfits usually work from volume licenses for Windows, and manage their own Windows keys for themselves. None of the Home editions have generic KMS keys because Home is not covered under volume Windows 10 license agreements.

What if a Generic Key Has No Valid Matching License?

You can use a generic key to install Windows even if there’s no matching license in the Microsoft Validation servers. But that installation will not activate unless you provide a valid key within 30 days of the installation date. After that, the product works only with limited features and personalization. It also warns you you’re in violation of license terms, which leaves you liable for unlicensed use of software. Those can result in potential fines and penalties if you’re found guilty of license fraud or misuse. Trust me: you don’t want to go there!

 

Facebooklinkedin
Facebooklinkedin

Exorcizing Zombie Adobe Flash Player Elements

Some Windows 10 users may see a Flash Info logo show up on their desktops. Don’t worry: that’s Adobe’s way of telling you the Flash Player remains active on your PC, and needs to be removed.  I wrote about Flash end-of-life (EOL) and removal techniques on December 29. That story reported the EOL date falling at year’s end. Apparently not everybody has worked through its various uninstall possibilities yet, either.  The TenForums thread “Strange Logo on Desktop” turns out to be an admonition from Adobe to make Flash Player go away. Alas, the process doesn’t work 100%. Thus, I’ll explain how one goes about exorcizing zombie Adobe Flash Player elements.

Exorcizing Zombie Adobe Flash Player Elements.flash-info-logo

Here’s what the Flash Info log looks like: a faded Flash logo with the “i” (information) element superimposed.

Several Flash Player Uninstall Options Available

Flash shows up in lots of places, apparently. Likewise, uninstalling it requires a variety of removal techniques.  Adobe’s warning for its Flash Player Uninstaller hints at this. It reads: “These instructions are NOT applicable to Flash Player included with Microsoft Edge or Internet Explorer on Windows 8 and later or with Google Chrome…” It advises those users to check out the Flash Player Help page for disabling same.

There’s also an uninstaller available via the Microsoft Update Catalog. Counter-intuitively KB4577586 is named “Update for Removal of Adobe Flash Player.” When downloading this item, be sure to grab the one that matches your current Windows version. Note: apparently, there is no such update for Windows 10 Version 20H2.

If Adobe Flash Player shows up in Programs and Features, you can use its built-in uninstall functions to get rid of it. Or you could turn to a third-party product like Revo Uninstaller to do the job instead.

Exorcizing Zombie Adobe Flash Player Elements May Require Manual Efforts

After running the afore-linked KB4577586, the original poster for the TenForums thread that prompted this story reports that the icon remained on his desktop. On top of everything else on screen, it wouldn’t get out of his way. Should that happen, one can remove the Macromed folder and its contents from these two parent folders:

1. C:\Windows\System32
2. C:\Windows\SysWOW64

Savvy readers will recognize that these folders are where Windows keeps 32-bit elements, tools and utilities for use on 32- and 64-bit systems, respectively. You may need to run a special-purpose delete utility to remove these folders or you can boot into command line recovery mode and delete them that way. Your choice. Either way, that should result in exorcizing zombie Adobe Flash elements that may still be hanging around your system. Et voila!

Facebooklinkedin
Facebooklinkedin

Simple Command Craters Windows10 PCs Immediately

It’s not often you see a warning like the one in the lead-in graphic for this story. Indeed, executing a certain string at the command line will immediately crash a Windows 10 PC and render it unbootable. Before I go into details, I’m concerned that a simple command craters Windows10 PCs immediately. (Windows 8, 8.1, and XP are also reportedly affected, but not Windows 7.) Opportunities for malicious use are mind-boggling.

[Note: the lead-in graphic comes courtesy of Sergey Tkachenko at WinAero,com. He posted the story in which it appears Friday, January 15.]

It gets worse. That same string also corrupts any targeted NTFS volume in a URL (just a portion of that string in the address bar will do it). Furthermore, it works from inside a ZIP archive, an ISO, VHD, or VHDX file, too. I’m stunned!

I actually debated myself for days on whether or not to share this info. I finally concluded that the Windows community needs to know. It might arm bad actors with new ammunition. Hopefully, that danger is offset by the increased care it should cultivate in everyone else who learns about it.

What Simple Command Craters Windows10 PCs Immediately?

The command can occur in a file reference at the command line or in PowerShell. The simplest invocation is:

cd c:\:$i30:$bitmap

That’s it. Doesn’t look like much, does it? It can address other drive letters (in which case, it will corrupt them instead). C: is particularly dangerous because it’s the default volume where Windows and all of its necessary pieces and parts reside. Once the string is entered, an error message appears. It informs you that “The file or directory is corrupted and unreadable.” Windows will attempt repairs via Chkdsk upon restart, but it will not succeed.

According to Tkachenko:

…users have figured that it is enough to paste the above ‘:$i30’ string into the browser address bar.

to crater the C: drive. Not good!

Holy Moly! How does THIS work?

This exploit is based on the NTFS $i30 index attribute, which ties into filesystem directories and contains a list of its files and subfolders, and may include deleted items as well as active ones. If you search on “$i30 index attribute” or “NTFS $i30 attribute” you’ll see it’s well-known to computer forensics professionals. It’s also a critical part of the MFT (Master File Table) structures for NTFS. Nobody yet knows or understands why referencing it in a command, URL, or archived file structure is damaging.

According to Tkachenko, the security researcher who found this gotcha says:

I have no idea why it corrupts stuff and it would be a lot of work to find out because the reg key that should BSOD on corruption does not work. So, I’ll leave it to the people with the source code…

MS knows about this now and is reportedly working on a fix. This one should be a doozy, and should get fixed as quickly as they can manage it. In the meantime, watch out!

Do NOT try this at home (or at work, or anywhere else, either). If you simply have to try it, do it in a throwaway VM. Otherwise, cleanup will take time and effort, even if it’s just to restore a backup. As the man said “You have been warned.”

 

Facebooklinkedin
Facebooklinkedin

WIMVP 2021 Renewal Granted

Dear Readers: I’m pleased and proud to report some good news via email from the Insider MVP Program on Friday, January 15th. My WIMVP 2021 renewal granted, I’m good for another year of participation in this interesting and outstanding program. The lead-in graphic for this story, in fact, is the header and part of the first paragraph from that e-mail.

WIMVP 2021 Renewal Granted.WIMVP-page

Here’s a snippet from my official WIMVP listing on the WIMVP website.

When WIMVP 2021 Renewal Granted, Then What?

In one sense, re-upping in the program just means more of the same:

  • keeping up with Insider Previews, and providing feedback whenever possible
  • writing and researching Windows 10 topics
  • following the traffic at TenForums
  • posting at least 5 times a week about Windows stuff
  • writing articles for ComputerWorld and other publications on Windows news, topics, tips and techniques

From a different perspective, it’s an active community of Windows experts and aficionados. There’s an in-house MS component through Michelle Paison and the whole Windows Insider team. There’s an out-of-house component — the WIMVPs themselves — scattered around the globe keeping up with Windows tools and technologies, and providing early, frequent and informed feedback to the in-house folks. We also have frequent meetings, to talk about Windows 10 topics, and to hear from various product development teams within MS. I count 89 named WIMVPs on the listings pages, which makes me feel lucky, and even more honored, to be found worthy to rank among them.

Becoming a WIMVP

One becomes an WIMVP through a nomination process, followed by an application process. Even previous WIMVPs (like me) must re-apply every year. That means documenting one’s contributions to the Windows community. In my case I get hits from my online content for the past year, report on TenForums activity and status, and report on presentations and other Windows related activity and involvement.

The WIMVP nomination form is not currently available because the program just switched to put all members on the same annual calendar. They used to re-up 1/4 of the population each quarter, but now they start accepting nominations in early October each year, and WIMVPs wishing to continue in the program must submit their applications by mid-November. I plan to keep participating as long as they’ll have me. It’s not only a great community, it’s a joy to take part!

 

Facebooklinkedin
Facebooklinkedin

Restoring Missing 21292 N&I Taskbar Item

Here’s an interesting learning adventure. Upon introducing Windows 10 Build 21286, MS also introduced a News and Interests (N&I) taskbar item. I covered this topic on January 8. But after upgrading my Lenovo X220 Tablet to a newer Dev Channel release, N&I disappeared. Remembering a related WinAero.com story, I followed its activation advice. And that, dear readers, is how I found myself restoring missing 21292 N&I taskbar item a few minutes ago. Here’s the deal…

Going About Restoring Missing 21292 N&I Taskbar Item

Restoring or activating N&I requires the third-party ViVe tool. Helpfully, it can enable or disable Windows 10 A/B and hidden features. Download ViVe from Github, where the latest release is v0.2.1. For myself, I just observed that v0.2.0 also works. That’s because  I just used it successfully on my X220T, not yet realizing a newer release is available.

After you download the ZIP file, extract it into a folder. Next, run an administrative cmd or PowerShell session from that folder. Then, execute the following sequence of commands:


vivetool addconfig 29947361 2
vivetool addconfig 27833282 2
vivetool addconfig 27368843 2
vivetool addconfig 28247353 2
vivetool addconfig 27371092 2
vivetool addconfig 27371152 2
vivetool addconfig 30803283 2
vivetool addconfig 30213886 2

Note: If using PowerShell, prepend the string “.\” before each command or it won’t work.

Cut’n’paste these commands into the window. Please execute each one individually. Next, you’ll need to restart your PC. Voila! The N&I item reappears in the Taskbar. At least, it did on my X220T PC.

8 Commands Too Much? Try Some Batch Files

OTOH, if you prefer, WinAero offers a ZIP file in its story. It  activates all necessary settings from one batch file, and deactivates them from another.

And remember, N&I only appears in Build 21286 or higher-numbered Dev Channel Insider Preview releases at the moment.

More About the ViVe Developers

Note: the authors of ViVe are Rafael Rivera and somebody named Lucas/thebookisclosed/albacore. Both are active Windows developers and toolsmiths. Rivera is also an occasional contributor to Thurrott.com (which is where I first came across him and his work). The other person is also the author of the excellent Managed Disk Cleanup utility, also available on GitHub.

Facebooklinkedin
Facebooklinkedin