Category Archives: Recent Activity

Insider stuff, Recent Activity, Remote Desktop (RDP), WED Blog, Windows 11

Fixing Failed MSA Remote Login

February 19, 2026 Ed Tittel Leave a comment

Every so often, I run into Windows 11 behavior odd enough to make me scratch my head. Occasionally, I’ll observe that my Microsoft Account (MSA) logins work perfectly at the local console. But they fail constantly if used within Remote Desktop Connection. The error? A familiar one: ‘Your credentials did not work. The logon attempt failed.’ Today, I’ll explain what worked for me when fixing failed MSA remote login.

In the meantime, I’d been working around this issue by setting up a Local account named “LocalOnly.” You can see it mentioned in the lead-in graphic for this blog post. If my upcoming technique doesn’t restore your MSA’s remote access as it did mine, you can use a local account to remote into a balky remote host if your MSA won’t work.

Refusal of Known, Good, Working Login

You may see this message while trying to RDP into a Windows 11 machine using an MSA. If so, you know how frustrating it is. Especially when you know those credentials are correct, and you can use them locally, no problem. What gives?

As it turns out, the answer lies in a complex and sometimes fragile identity stack that underpins Windows 11’s user authentication . Let’s unpack what’s going on under that hood.

Windows 11’s identity model for MSAs is built on three interdependent layers:

SAM (Security Account Manager) – The local account database. It stores user SIDs (Security Identifiers) & basic account metadata.
WAM (Web Account Manager) – The token broker that handles cloud authentication for MSAs. It’s responsible for storing and refreshing tokens so services like RDP can validate your identity.
Ngc (Next Generation Credentials) – This layer handles Windows Hello and TPM-tied credentials, like PINs & biometric logins.

When all these layers are working and cooperating, things go swimmingly. Sometime though, particularly on Insider builds where MS is messing with this identity stack, things can get weird. Over time changes can mean an MSA works locally but not remotely.

A Swicheroo Is Key to Fixing Failed MSA Remote Login

Here’s what was happening on my ThinkPad X380 Yoga. I could log in locally using my MSA. But RDP logins would consistently get refused with the error message that serves as the lead-in graphic. After ruling out more obvious causes (e.g. network issues, RDP settings, firewall rules) I thought about the situation. Because local login worked, SAM and Ngc layers were probably OK. That presented WAM as a likely cause.

The fix, then, was simple. I rebuilt the WAM token cache, to make sure all pieces harmonized. Here’s what I did:

1. Log in locally using MSA
2. Visit Settings > Accounts > Your info
3. Change to “Sign in with a local account instead”
4. Sign out, or Reboot PC
5. Login locally using local account name/pwd
6. Visit Settings > Accounts > Your info
7. Change to “Log in with a Microsoft account”
8. Reboot PC

The switcheroo undid the link between the MSA and the account, made it local, then re-established a new connection. That completely rebuilds the whole infrastructure, including the WAM.

After that switcheroo (MSA > Local > MSA) RDP worked fine from my Flo6 primary desktop into the X380. The odds are good this technique will work for you, if you get caught in this situation. Here in Windows-World, a switcheroo sometimes works wonders. It did here, anyway!

Device drivers, Insider stuff, Recent Activity, Troubleshooting, WED Blog, Windows 11

AMD Gets New Chipset Driver

February 18, 2026 Ed Tittel Leave a comment

Here I go again. I read this morning on Neowin that AMD had dropped a new version of its chipset drivers, including the B550 in my Flo6 and RyzenOfc desktops. Time for an upgrade! I found what I needed at the Chipset Driver Release Notes 8.01.20.513 page (a 62.5MB download named amd_chipset_software_8.01.20.513.exe). After applying that file, AMD gets new chipset driver upon reboot. What happened on my ASRock system was a little more vexing…and complicated. Let me explain…

After AMD Gets New Chipset Driver, Comes a Reboot

The UEFI on my ASRock B550 Extreme4 motherboard is a little tetchy. Whenever the firmware or drivers get touched (updated or replaced), it tends to hang on a black screen after a reboot intended to flush out old stuff and bring in new. Sure enough, that’s what happened after the AMD chipset installer fired off a restart with my express permission.

I had to do a deep cold start to bring the motherboard back to life. That meant:
1. Hold the power button down until the system turns off
2. Turn off the PSU
3. Hold the power button down another 10-15 seconds to discharge any capacative devices
4. Turn off, then unplug the power cord from the PSU
5. Wait 2-5 minutes for everything to turn itself completely off
6. Plug the PSU back in, turn on its power switch
7. Use the front power switch to start the PC back up
Fortunately, that worked and the unit came back to life.

Checking the Install

I’m learning to make doubly-darned sure that an update actually gets applied, thanks to some recent misadventures with Secure Boot. I visited Device Manager and made sure no yellow triangle warnings popped up, nor did anything appear under the always-annoying “Other Devices” heading.

At Copilot’s urging, I also checked the install dates for all of my AMD drivers. Copilot also confirmed that those dates matched the latest ones in the afore-linked release note (and hence, should be current).

I used this handy PowerShell one-liner to elicit the data shown in the next screencap:

Get-WmiObject Win32_PnPSignedDriver | Where-Object { $_.DeviceName -like “*AMD*” } | Select-Object DeviceName, DriverVersion, DriverDate

Here’s the resulting output:

After checking these against the release notes, reported dates = current dates.

It looks like the chipset update got properly applied. Copilot tells me other UEFIs will reboot after a chipset update without the 7-step polka the ASRock board needed. I wish I had another AMD system around here to verify that claim. But here in Windows-World we don’t always get what we want. Good enough for now, I guess!

AI, Insider stuff, Recent Activity, WED Blog, Windows 11

Copilot Amazon Differ on TB5 NVMe Availability

February 16, 2026 Ed Tittel Leave a comment

I’m prepping for an AskWoody story about RAID 1 setups on Windows 11. It had me popping open my half-dozen or so NVMe enclosures yesterday to see what I had at my disposal. Among my inventory, I found two identical NVMes (ideal for a RAID 1 test). I also found a Crucial T705 1TB PCIe x5 drive, which isn’t suited for any of my enclosures. It really needs Thunderbolt 5 or USB4 v2.0 to exceed the 40 Gbps speed limit that TB4/USB4 imposes. Imagine my surprise when Copilot said no such enclosures were available, while Amazon showed me at least half-a-dozen products for sale right now. Hence my claim that Copilot, Amazon differ on TB5 NVMe availability.

If Copilot Amazon Differ on TB5 NVMe Availability, Try Evidence

I work with Copilot near daily, especially on understanding and fixing Windows problems, issues and misconfigurations. Warnings about AI hallucinations are always worth remembering with Copilot. Why? Because it has repeatedly shown itself to be wrong or — as in this case — misinformed. I reproduce Copilot’s response to my correction in which I provide the simple Amazon search that showed me 6-plus TB5 capable NVMe enclosures for sale at US$190 and up.

One big problem I see with AI information is that it includes no shades of grey. If Copilot and other AI interfaces could include confidence levels or probability of correctness, that might help. But no: Copilot, Google AI, Grok and so forth put forward their information as gospel truth. There’s a huge gap between Copilot’s initial flat statement that no TB5 NVMe enclosures are available, and its later correction to “TB5 NVMe enclosures exist, but most are early‑generation products whose real‑world performance is currently limited by host support and certification status.” Big difference!

As Always, Proceed with AI Cautiously

I don’t use or act on AI provided info unless and until I can confirm it through at least one (preferably, two or more) reliable public sources. This little “No it’s not; Well, yes it is…kinda/sorta” encounter demonstrates pretty well why that’s so. Indeed, for testing purposes I plan to buy one of the very enclosures Copilot told me yesterday didn’t exist. Today, it’s a different story!

Isn’t that just the way things go here in Windows-World sometimes? But at least, I’m going to be able to see if TB5/PCIe x5 Gen5 technology lives up to its billing when the Acasis enclosure shows up. If things work as reported, I’ll have an external USB drive that’s as fast as the internal drive on my production desktop.

Hardware Reviews, Insider stuff, Recent Activity, WED Blog

P16 Gen3 Firmware Update Hangs

February 12, 2026 Ed Tittel Leave a comment

Imagine my excitement when I got a brand-new Lenovo ThinkPad P16 Gen 3 Mobile Workstation delivered to the door yesterday. It’s an absolute beast of a machine (more on that below), huge and powerful. As part of my usual intake routine, I apply all pending updates. Alas, one of them — the P16 Gen3 firmware update — hangs during its install. I have to take drastic measures to finish things up. Let me explain…

If P16 Gen3 Firmware Update Hangs, Then?

The system wouldn’t reboot after the UEFI itself got updated. It was stuck, unable to go forward or go back. So I exercised the nuclear option when it comes to laptops lost in limbo. I unplugged the battery and waited for it to drain completely, as evidenced by the power button and ESC key lights that stayed on late into the night last night.

The update completed successfully after that: I’m now running N4FET47W (1.28) dated 1/23/2025. But it took some doing to get there. Lenovo Vantage downloaded the update but was unable to install it. I also tried Lenovo System Update, which is usually better at handling firmware stuff, but no dice there, either. Finally, I visited the Lenovo Support pages, plugged in the serial number, and got a standalone flash installer named n4fuj05w.exe.

Starting UEFI Update Is Good, Finishing Is Better

The installer does its initial thing inside Windows getting the UEFI, Intel Management Engine (ME), and other update elements unpacked and ready before it reboots the machine. Then the flash installer takes over. That’s what hung on me.

Initially, Copilot advised me to remove the back deck of the unit and unplug the battery to force a cold reboot quickly. But this laptop costs over US$9K and the back deck didn’t want to come off. I had to use more force than I was comfortable exercising just to get the back edge to lift a little. Copilot yammered on I should keep trying and that the unit is notorious for tight clips and challenging extraction.

Nope! I also knew that draining the power over time would achieve the same end, with no danger of scratching the finish. So I waited overnight instead.

Getting Going On Intake

Now that the updates are all in place, WU is happy, winget’s been satisfied, and the Store is caught up, I can pay attention to the machine itself. I’ve got all my apps and tools installed, and am ready to report on what I see about this monster of a laptop.

Here’s a quick summary of key components:
• It’s NOT a Copilot+ PC
• Intel Core Ultra9 275HX (8P-Cores, 16 E-Cores, 24 threads)
• 128 GB DDR5 UDIMM RAM
• Intel integrated graphics Arc Xe‑LPG Graphics (64 exe units)
• NVIDIA RTX Pro 5000 Blackwell Generation (ADA arch, 7,424 CUDA cores, 16GB GDDR6, 58 3G RT cores, 232 4G Tensor cores)
• 4TB SAMSUNG MZVLC4T0HBL1-00BLL (SSD)

Pretty serious complement of components, eh?`

Here are the ports provided on the unit, listed by side as left, back and right:
LEFT (from front, items listed back to front)
• 1xSD slot (full-sized)
• 1xThunderbolt 4 (USB-C) up to 40 Gbps, DP1.4, USB4 compatible
• 1xUSB-A 3.2 Gen 1 (5 Gbps)
REAR (left to right, looking at rear)
• RJ-45 2.5GbE
• HDMI 2.1
• 2xThunderbolt 5 (USB-C) up to 80 Gbps, DP2.1, USB4 compatible
RIGHT
• Kensington lock slot
• 1xUSB-A 3.2 Gen 1 (5 Gbps)

Most notably, this P16’s got Thunderbolt 5 and USB5 (aka 4.2) support! Now I’ll finally be able to test TB5/USB5 stuff. The internal SSD — a PCIe x5 Samsung model — reports speeds over 11,000 for 1GB block transfers in CrystalDiskMark. A USB4 drive attached to the high-speed USB-C port clocks in over 6,000. It’s the fastest USB I/O I’ve ever seen. Cool!

From the Belly of this Beast

Weighing in right at 6.5 lbs (2.95 kg) this is a massive monster of a laptop. But if you need lots of horsepower, capability and connectivity this could be your mobile workstation, too. Lenovo tells me its MSRP is ~US$9,200. You’ll need some serious financial backing to make this baby yours, too. So far, I like it a lot!!!

Insider stuff, Recent Activity, Troubleshooting, WED Blog, Windows 11, Windows Update

CU Aftermath: One TPM Update Elicits WTF?

February 11, 2026 Ed Tittel 1 Comment

Microsoft’s February 2026 cumulative update, KB5077181, brought most Windows 11 25H2 systems up to build 26200.7840. At least, that’s what I was expecting. But as I rolled out the update across a mix of systems here at Chez Tittel, I noticed something odd. My Lenovo ThinkPads and an ASUS Zenbook A14 quietly updated and rebooted into 26200.7840. The DIY desktop (built on an ASRock motherboard with a Ryzen 5800X) threw a TPM warning and required multiple reboots after a forced cold startup. You guessed it: that one TPM elicits WTF as I must respond to “Update Y/N” for things to proceed.

One TPM Update Elicits WTF, Others Don’t

Let’s unpack what happened. First, the update itself. KB5077181 is a standard cumulative update, but it also includes boot-chain changes that affect Secure Boot and TPM values. On systems with stable firmware and well-behaved TPM implementations, these changes get absorbed quietly. That’s what happened on my Lenovo and ASUS laptops. They rebooted twice and landed on build 26200.7840 without a peep. Copilot tells me that the first reboot is for a servicing stack update, the second for the aforementioned CU.

The ASRock-based Ryzen system, aka “Flo6,” had a different reaction. Upon reboot it froze on a black screen. After I cycled power and forced a cold boot, it presented a UEFI-level prompt. That prompt warned about changes to the TPM and Secure Boot configuration, and asked me to enter “Y” to confirm, or “N” to deny. This signals that the Platform Configuration Register 7 (PCR 7) that tracks Secure Boot components has detected a change. The system requires manual confirmation to proceed and reseal the TPM, followed with an additional reboot. But man, is that a cryptic message or what? (It appears as the lead-in graphic above.)

Why this discrepancy? It comes down to platform differences. OEM systems like Lenovo and ASUS laptops benefit from tightly integrated firmware, drivers, and update pipelines. Their UEFI implementations are mature. Also, their TPM and Secure Boot configurations get validated against Microsoft’s updates. Thus, they handle PCR changes gracefully and typically reseal the TPM silently with no user intervention.

The ASRock Difference

ASRock, on the other hand, does things differently. Though their firmware is functional and generally reliable, but it’s not as polished or tightly integrated as enterprise-grade or premium OEM systems. ASRock tends to use more standard, out-of-the-box AMI firmware. It offers only minimal validation for Secure Boot and TPM changes. Combine that with AMD’s fTP (known to be more sensitive to boot-chain changes than Intel’s PTT), and you get a prompt for TPM confirmation after updates like KB5077181.

You Get What You Pay For

That’s not to say ASRock is bad. For enthusiasts and DIY builders, their boards offer decent value and performance. But when it comes to firmware maturity and seamless integration with Windows security features, they’re noticeably behind the big OEMs.

The takeaway? Platform matters. As Windows continues to evolve its security posture, particularly around Secure Boot, TPM, and boot checks, users should expect some variation in how different systems respond to updates. OEM systems generally offer a smoother ride. DIY builds like my ASRock-based Flo6, appear to need more attention and manual intervention.

For those who live in the trenches of Windows-World, it’s just another reminder of how things sometimes work, or not. The best antidote is to know your hardware, expect the unexpected, and keep recovery media handy, just in case something goes awry. I’m glad I didn’t need recovery for this update. Indeed, I started wondering when I had to cycle power for a cold start, and an extra reboot to get to the desktop.

Hardware Reviews, Insider stuff, Recent Activity, Troubleshooting, WED Blog

Zotac 4070 Shows Up Munged

February 10, 2026 Ed Tittel Leave a comment

Got an email last night from the USPS, informing me that the Zotac 4070 card I ordered would be delivered by 6:30 PM. This morning I walked to the mailbox to retrieve that item. As you can see in the edge-on photo, the 800-lb gorilla had his way with the card during shipment. The front plate is badly bent. Worse, the right-hand fan (from the top) doesn’t spin freely, as it properly should. I’m asking for a refund, as the Zotac 4070 shows up munged.

If Zotac 4070 Shows Up Munged, Now What?

I’m ordering a replacement card. Given the issues finding a performance GPU that’s also compact, I’m “trading down” to get a 5060 model for my next try. I just ordered a Gigabyte RTX 5060 Mini from Amazon, for delivery tomorrow. In the meantime, I’m fighting with the vendor platform — Mercari, in this case — for a refund. Somehow, the sale shows as completed even though I hadn’t even had the card in my hands for 18 hours when that status made itself known. I’m hoping I’ll get the purchase price back, but I have a bad feeling…

As I opened the package, in fact, I saw the front plate had been savaged in transit. “That can’t be good,” I thought. It wasn’t. Gosh only knows what hit this unit, but it literally looks stepped on. I can only hope I’ll get a refund: we’ll see about that.

Tomorrow Is Another Day

Amazon will put the next candidate in my hands tomorrow morning. I’ve never had trouble with their delivery resulting in damage of any kind, let alone the mauling that the Zotac card took en route. Fingers crossed that I can get it installed, and Secure Boot working, on the upstairs B550/5800X PC. These things happen here in Windows-World. Several lessons learned from this encounter, none of them good. Sigh, and sigh again…

Device drivers, Insider stuff, Recent Activity, WED Blog, Windows 11

So Long Samsung ML-2850

February 9, 2026 Ed Tittel Leave a comment

Over the weekend, I saw a story at Tom’s Hardware that reported MS is phasing out V3 and V4 printer drivers. “Hmmm,” I thought, “I bet this means my 2009 vintage monochrome laser printer is included.” Copilot confirmed that it’s time to say so long, Samsung ML-2850. It runs V3 printer drivers and MS is halting support for same, like now.

Succession Plans After So Long, Samsung ML-2850

The printer still works fine. And it still works — for the time being, at least — with Windows 11. But it’s just a matter of time before it won’t work any more. That might hit as early as whenever 26H2 hits public release. Or it might last as long as 27H2. But its days are now officially numbered.

Here’s my plan: I’m going to use up the laser cartridge(s) I have at my disposal. When the ML-2850 runs out of toner, it’s toast. At that point, I’ll drop it off at Goodwill, where I routinely recycle my used electronika.

How long does that give this device to remain in use here at Chez Tittel? I might print 100 pages of output a month on this printer, max — probably less. So it could be 6 months or more before I pull the plug and pack it off to Goodwill. Let’s see what happens, shall we?

But Wait, There’s More…

My Dell 2155cn is also facing obsolescence, but it qualifies as a V4 driver, not V3. So I’ve probably got another year or two before it, too, goes off to Goodwill for lack of driver support. What will I buy next? I’m thinking something like the HP M455dn, which is a low-end business class networked color laser printer that retails for US$550-800 depending on bells and whistles. Or whatever its equivalent may be when I exhaust my final set of CMYK cartridges for that printer (I’ve got a set of spares, and CMY all ahow 100% in the Dell Printer Hub’s toner status display, with B at 80%).

I’ve got at least 2 years left on that printer, it seems. Then, I’ll buy another. Interesting note: it will probably be the last printer I ever purchase, seeing as how the Samsung has lasted 17 years, and the Dell more than 13. It seems that obsolescence comes calling long before the hardware itself runs out. That was also the case for my Apple LaserWriter 1, purchased in 1985 and still running like a champ when I gave it away in 2005. For all I know, it’s still running today — that thing was built like a battleship.

Cool Tools, Insider stuff, Recent Activity, Troubleshooting, WED Blog, Windows 11

Sysmon Lands in Windows 11 Beta

February 6, 2026 Ed Tittel 2 Comments

Lots of Windows nerds have spent years bolting Sysinternals’ Sysmon into every PC we work on. For them — and me — the latest Windows 11 Beta build (26220.7752) brings a welcome surprise: Sysmon is now a built-in optional feature. That’s right — no more downloading, unzipping, or scripting installs from Sysinternals. No need to run its handy web-based version, either. Microsoft has quietly slipped this powerful tool into the OS itself, and it’s ready to roll with some simple PowerShell commands.

What Sysmon Lands in Windows 11 Beta Means

Sysmon (System Monitor) has long been a staple in toolkits for security pros, blue teamers, and forensic analysts. It provides deep visibility into system activity — process creation, network connections, file writes, registry changes, and more. Until now, deploying Sysmon meant managing binaries and XML configuration files. With its inclusion as a Windows Optional Feature, Sysmon becomes easier to deploy, update, and manage across PC fleets.

PowerShell: Enable and Install Sysmon

To enable the built-in Sysmon feature from Windows itself, and then start monitoring stuff, run these two commands:

Enable-WindowsOptionalFeature -Online -FeatureName Sysmon
sysmon -i

In case it’s not obvious, the first command enables the Sysmon feature; the second installs it, ready for use.

Quick Peek: View Sysmon Events

Here’s a PowerShell one-liner that shows the 25 most recent Sysmon events. Gives a taste of how it works and what it shows:

Get-WinEvent -LogName “Microsoft-Windows-Sysmon/Operational” -MaxEvents 25 | Format-Table -AutoSize

Unless your PC is acting up or ill, sysmon mostly shows process creation and termination (like here).

What Sysmon Illuminates

Sysmon shines brightest when you need to understand what’s really happening under the hood in Windows. It logs detailed info about process creation, including parent-child relationships, command-line arguments, and DLLs loaded. Sysmon captures network connections with source and destination IPs, ports, and process IDs. It can even detect code injections, image loads, and registry modifications. With a well-tuned configuration, Sysmon becomes a forensic goldmine. It’s like a time machine for system activity. Properly used, it can help you trace malware behavior, insider threats, and suspicious persistence mechanisms.

Adding Sysmon Into the Mix Is Good!

The integration of Sysmon into Windows 11 Beta is a quiet but powerful shift. It signals Microsoft’s growing commitment to built-in security observability and makes it easier than ever to deploy advanced monitoring at scale. For IT pros and security teams, this is a win. If you’re running a Beta build, it’s time to fire up PowerShell, flip the switch, and start watching your system like never before.

Showcasing Sysmon in Action

Sysmon’s long history in the Windows ecosystem is best illustrated through several well‑known case studies that show how deeply it illuminates system behavior. Both cases listed below not only show Sysmon’s diagnostic power but also its ability to reveal subtle, causal relationships that define complex system activity.

Mark Russinovich – Case of My Mom’s Chronically Infected PC: A classic Sysinternals investigation where Sysmon and related tools helped uncover persistent malware reinfection patterns. [URL is 404, look for episode 108 through the WayBack Machine {checked}]
License to Kill: Malware Hunting with the Sysinternals Tools (2021): In this case study, Mark Russinovich demonstrates how Sysmon’s detailed process‑creation and network‑connection telemetry exposes true behavior of a persistently compromised system that traditional antivirus repeatedly missed. By correlating Sysmon events with suspicious activity patterns, he shows how threat hunters can reconstruct attacker techniques, identify persistence mechanisms, and ultimately eradicate deeply embedded malware.

Together, these cases demonstrate Sysmon’s unique strengths: high‑fidelity process creation logging, deep visibility into network connections, precise registry and file‑system monitoring, and the ability to reconstruct causal chains that ordinary Windows logs simply cannot express. Whether used for diagnostics, security investigations, or system forensics, Sysmon remains one of the most powerful visibility tools available on Windows.

And that, dear readers, is why Sysmon is already well-regarded in Windows-World. That’s ultimately what makes it a amazing addition to the collection of built-in Windows features.

Insider stuff, Recent Activity, USB devices, WED Blog, Windows 11

Sprucing Up My Desktop Peripherals

February 5, 2026 Ed Tittel Leave a comment

If you look back at my recent bloggage, you’ll see that I spent far too much time recently jumping into and rooting around in UEFI. Specifically, I found myself exposed to the oddities of the Asrock UEFI, which turns out to be finicky in many unexpected ways. Among many other bits of techno-trivia, I learned that my keyboard can’t send function key events to UEFI. I also learned that my logitech mouse sometimes is detected as (!) SATA storage during device enumeration at bootup. So, I’m sprucing up my desktop peripherals to steer clear of those issues. Let me explain…

Why I’m Sprucing Up My Desktop Peripherals

Function keys are helpful and even necessary during inital PC start for access to UEFI. They also drive many functions inside UEFI (e.g. F10 to “save & exit”). When the UEFI can’t read them, it’s anywhere from mildly annoying to maddening. My trusty old MS Comfort Curve 4000 (CC) is what’s known as a “composite USB HID device.” Alas, during POST and UEFI handoff, some PC firmware (including Asrock’s) handles only basic HID devices, not composite ones. To make that stuff work, in other words, I have to use a keyboard different from the CC. Sigh #1.

The older Logitech Unifying transceivers that work with mice and keyboards of that era also show another Asrock firmware quirk. They may sometimes (but not always) be recognized as SATA storage devices during first-time device enumeration. This threw me into an endless cycle of A6 POST errors on the B550 when I was trying to get the upstairs machine working last week. Here again, switching to a wired mouse fixed that issue. Sigh #2.

New Secure Boot, New Accoutrement

My fundamental problem is that I’m recycling old gear on a newer system. So it’s time to buy something new to bring it more in synch with the demands of modern UEFI, Secure Boot certificates, TPM 2.0 and suchlike. After walking thru my options with Copilot I’ve chosen a couple of Logitech items (I’m a long-time fan, and reviewed lot of their peripherals in the 2000s for Tom’s Hardware):

Logitech Wavekeys keyboard (PN: YR0096) mostly matches the CC layout and feel, and is a basic HID device. Thus, its Fn keys should work properly in POST and UEFI.
In the same box, a Logi Bolt transceiver (xcvr PN: CU0021) which is supposedly superior to the old unifying xcvr, nor subject to mis-detection as a SATA device.
Logitech Signature M650 mouse (PN: MR0091) mostly matches the MS Mobile Mouse 4000 downstairs and the Logi mouse upstairs. Also works with Logi Bolt xcvr so I need only one transceiver for both devices.

I used the Bolt xcvr from the keyboard, so it came up instantly. I had to download and install the Logi Options+ app to get it to recognize the mouse through that same xcvr (it shipped with one of its own). But that was fast and easy, and the wireless link is quick and accurate. Alas, I got down on wireless keyboards back in the 2000s when I had a bad experience with transmission lag. If you type reasonably quickly (I’m at least 40 wpm or better) that’s not acceptable. So far, so good, with these Logitech devices.

Change is a watchword here in Windows-World. Like it or not (and I’m still figuring that out) my peripherals are changing. So are lots of others things. Adapt and thrive is the plan…

Insider stuff, Recent Activity, Security, WED Blog, Windows 11, Windows Update

Chez Tittel Secure Boot Report Card

February 4, 2026 Ed Tittel 1 Comment

Here in my house — Chez Tittel, that is — I have 11 computers running. Of that number, 10 have Secure Boot enabled and running. 8 have updated to the 2023 Secure Boot certificate authorities (aka 2023 CA) to replace the soon-to-be-obsolete 2011 CAs. Let’s call this status the Chez Tittel Secure Boot Report Card. Next, I will provide more details.

Presenting Chez Tittel Secure Boot Report Card

You can see that the report card takes the form of a table in three columns. (Open the lead-in graphic in its own browser tab to see the whole shebang.) Col1 shows the machine name for each PC. Col2 indicates whether or not Secure Boot is enabled. Col3 covers whether or not the new 2023 CA is present or missing.

Here’s a breakdown, with percentages:

10 of 11 machines have Secure Boot enables and running (~91%)
8 of 11 machines have the new 2023 CA in their secure stores
2 of 11 machines are waiting on WU to send them an update. It will add CA 2023 to their secure credentials. (2018 vintage X380 Yoga and the 2020 vintage X12 Hybrid Tablet.)
The only holdout is RyzenOfc, whose Asrock B550 motherboard won’t go into UEFI with the ancient NVIDIA GeForce 1070Ti currently installed. I’ve ordered a newer 4070 board and expect to complete the install process to enable Secure Boot and bring CA 2023 on board once it gets here.

Assessing a Mini-Fleet Experience

I was pretty surprised that the OEM PCs made working with Secure Boot and the 2023 CA update more or less routine. I only had to enable Secure Boot on a couple of machines, and the all of their update processes went smoothly. This involved machines from Lenovo (7) and one each from Dell and Asus.

The Asrock B550 PCs were a whole ‘nother story. I now know it’s at least partly because the old Pascal firmware on the 1070 GPUs doesn’t mesh well with UEFI in general. But I also now know that the B550 UEFI itself is a finicky and sometimes cantankerous beast.

Getting the first instance (Flo6, my production desktop) working with SB and 2023 CA was close to the adventure of a lifetime. I sincerely hope that when the new GPU appears here at Chez Tittel, the second iteration will be easier, less vexing, and nowhere near as drawn-out as the first one was. We’ll see: here in Windows-World anything can happen — and often does!