Category Archives: Windows 11

Insider stuff, Recent Activity, Security, WED Blog, Windows 11

Leave Post KB5055523 Inetpub Folder Alone

April 11, 2025 Ed Tittel Leave a comment

I’d seen reporting on this yesterday, along with blithe assumptions about related cleanup (deletion). Today, MS has published a CVE-2025-21204 security note that explains what’s going on, and specifically advises users to leave post KB5055523 Inetpub folder alone — and intact.

Here’s a direct quote from the afore-linked source:

After installing the updates listed in the Security Updates table for your operating system, a new %systemdrive%\inetpub folder will be created on your device. This folder should not be deleted regardless of whether Internet Information Services (IIS) is active on the target device. This behavior is part of changes that increase protection and does not require any action from IT admins and end users.

Note: KB5055523 is a security update for Build 26100.3775 (production level Windows 11 24H2) released as part of the Patch Tuesday collection on April 8, 2025.

Why Leave Post KB5055523 Inetpub Folder Alone?

It’s part of the infrastructure upon which MS relies to fend off the named vulnerability. In other words, if the folder is present, MS can use it to protect against potential attacks. MS is sometimes fond of leaving folders behind in the wake of various installs (especially feature upgrades). Anything not needed is usually fair game for Disk Cleanup or the Windows Store PC Manager app.

That said, some OCD-friendly Windows users (you know who you are) relentlessly clean up things just because they must. This is apparently a case that flies against that impetus. MS, in this particular case, says “Leave it alone.” I guess I shall, and you probably should, too.

Though the Inetpub folder is empty after the update runs (see next screencap) it is meant to be and stay there. You’ve been warned! Indeed, as you can see, it’s properties are also set to “Read-only.”

The ‘Read-only’ status signals weakly that this item should stay put.

Final Warning: Don’t!

I’ve seen various online sources assert that it’s OK to delete this folder because it caused no observable ill effects on their test PCs. If what MS says about Inetpub’s presence or absence on a PC is true, you don’t want to sight what could happen if it were to be deleted. Let this particular sleeping critter keep snoozing, please.

Insider stuff, Recent Activity, Troubleshooting, WED Blog, Windows 11, Windows Update

Repair Install Unsticks WU

April 9, 2025 Ed Tittel Leave a comment

For the past 5 weeks or so, I’ve been working with the Lenovo ThinkPad T14s Gen5 laptop. For the last two weeks, updates have been stuck, with an error code that indicates file download issues. The usual repair techniques haven’t helped, either — namely run the troubleshooter or the reset & re-register Windows Update components. So this morning, with a new cumulative update out, I installed the latest Windows 11 24H2 repair version. That built-in repair install unsticks WU and catches me up with pending stuff, as you can see in the lead-in graphic.

Repair Install Unsticks WU Trades Time vs. Convenience

The problems with the afore-mentioned techiques (troubleshooter, reset&re-register) is that they take multiple steps and a bit of effort. Double that when, as often happens, remediation is also needed. It took a while to click Start > System > Recovery > Reinstall now and then work through that process. But the details took care of themselves and I didn’t have to do anything except fire it off to make it work.

In the end, this turned out to be easier and less vexing than the other techniques. Its results were also immediately apparent, and entirely positive, once completed — as you can see in the lead-in graphic. That said, Update History does become a little opaque when you conduct this repair. Here’s what it says now:

It doesn’t show the problem CU installed and running. It simply shows that “Windows 11, 24H2 (repair version)” got installed today. Of course, that means the installer used the latest version of the Windows image — including those problem CUs — as the install base. So really, it’s all fixed now. You just have to know what this reference means.

And ain’t that just the way things go here in Windows-World? The problem may be solved, but a hint of mystery — or is it confusion? — remains. Cheers!

Note Added 4 Hrs Later: Get-Hotfix Tells the Story

Reading through ElevenForum.com threads just now, I learned that running Get-Hotfix in PowerShell will shows installed KBs from a repair install image, to wit: This shows that various updates and security updates are indeed present in the newly repaired image. The current build number for that PC — 26100.3775 — also shows that KB5055523 has been applied. Good stuff…

Insider stuff, Recent Activity, Troubleshooting, WED Blog, Windows 11

Dell Updates Replaces Power Plan

April 7, 2025 Ed Tittel Leave a comment

Yesterday afternoon, upon returning from a lovely drive into the Texas Hill country “the Boss” remarked that she now had to power on her Dell Optiplex D7080 to wake it from sleep. “Hmmm” I thought to myself “I bet something changed with sleep/wake/hibernate.” It sure did: a recent item via Dell Command Update installed and selected a “Dell” power plan. Alas, when Dell updates replaces power plan, their chosen alternative forced use of the power button to initiate wake. Easily, easily fixed: read on for those details, please…

When Dell Updates Replaces Power Plan, Switch Back

As you can see in the lead-in graphic, there’s a new power plan in the mix. It’s named Dell and it had been selected by default after some recent item ingested through the Dell Command Update utililty. To inspect the contents of a power plan in PowerShell, two commands are needed: the first provides a list of all plans, the second inquires about the contents of a specific plan through its GUID. Those commands are:

powercfg -list
powercfg -query <GUID>

Fortunately, the list output includes both human readable names and GUIDs so I was quickly able to get the deets for the Dell power plan. And sure enough, as I suspected, it had a setting for hibernate after 1 hour of idle time. That was the key!

Wake from Hibernate Requires a Poke

A poke of the power button, in fact, which was just what the boss didn’t like. So, as you can see from the lead-in graphic, I switched her back over the the High Performance plan she’d been using before Dell Command Update made that switch. It doesn’t include hibernate, and it wakes on keypress or mouse click from sleep. That’s what she wanted. And now, that’s what she’s got.

Cool Tools, Insider stuff, Recent Activity, WED Blog, Windows 11, Windows tools

X380 Yoga Can’t See QMR Hotfix

April 4, 2025 Ed Tittel Leave a comment

I shoulda known. When MS unleashed it Quick Machine Recovery (QMR) capability earlier this week, it said it would provide a test fix so IT admins could try out its automatic repair facility. I blogged about enablement instructions on Monday, and have been waiting for that fix since then. I just learned that MS is gradually rolling it out to Beta Channel Insiders running Build 26120.3671. But alas, my test PC is on the outside, looking in. Certain units should find the test fix under a new “Hotfix” category in Settings > Windows Update > Update History. To my chagrin, my test X380 Yoga can’t see QMR Hotfix (neither category nor test item), as (not) shown in the lead-in graphic.

X380 Yoga Can’t See QMR Hotfix: Wait for It!

Gradual rollouts are unpredictable as to when a feature might appear. But they are pretty reliable, in that it should appear sometime. One just has no idea when that might be. If you look at the lead-in graphic you’ll see that it lists out:

Feature Updates
Quality Updates
Driver Updates
Definition Updates
Other Updates

When the QMR-aimed Hotfix finally makes it to the X380, a new category named Hotfix will appear. Then, should I use the reagentc.exe /BootToRe instruction to reboot the PC and tell it to look for and apply same, that should show me by example what it looks like and how it works.

So far, nada!

Standing By for My Turn

As seems to happen to me more often than not, I’m going to have to exercise patience and make sure that I keep checking for the Hotfix category and its test item in the Update History on the X380. Don’t know when that might be, but I’ll report in when that happens. Stay tuned!

Cool Tools, Insider stuff, Recent Activity, Troubleshooting, WED Blog, Windows 10, Windows 11

Mapping Windows Memory Usage

April 3, 2025 Ed Tittel Leave a comment

I like to keep an eye on how Windows is using system resources. To that end, I still use Helmut Buhler’s excellent 8GadgetPack utilities. They don’t really tell you anything that Task Manager can’t but you can keep them in view all the time, and they don’t exact much system overhead, either. For a rough and ready picture of what’s up with Windows memory (RAM), those tools (e.g. Task Manager and the CPU Monitor gadget) can tell you how much RAM is on your PC, how much is in use, and how much is free. The gadget also reports page file info: total, free, used as well. But when it comes to digging deeper into how Windows uses memory, the Sysinternals tool for mapping Windows memory usage –namely, RamMap – is what you need. Let me explain…

For Mapping Windows Memory Usage, Try RamMap

If you look at the lead-in graphic, I’ve superimposed the CPU Usage gadget (aka CPU Monitor) at center far right, with the Sysinternals RamMap tool beneath it. This pretty much shows things as they work and contrasts the minimal level of detail available from Task Manager and the Corresponding CPU gadget to the more detailed and nuanced RamMap.

TLDR version: Use Task Manager or the CPU Gadget to get a gross overview of memory and paging file stuff; use RamMap to get more details about what’s consuming memory and what state that memory is in.

In large part differences are a matter of details. Task Manager and the CPU Gadget tell you how much RAM is used (blue numbers under the Used, Free, Total column heads in white: 23.6GB) and free (~8GB). It also tells you that the page file is not in use (yellow numbers right underneath RAM entries). That’s pretty much it.

RamMap, OTOH, provides a lot more memory status categories: Active, Standby, Modified, Modified No Wire, Transition, Zeroed, Free, and Bad (you want to see THAT one in a memory map). You get a much more informed and detailed view here (and under other tabs besides “Use Counts” in the leftmost position, shows by default).

How “Used” and “Free” Fit RamMap Categories

Here’s something worth knowing: Used Memory in Task Manager/CPU Gadget combines the RamMap totals under Active, Standby and Modified. Free memory in Task Manager/CPU Gagdet combines the RamMap totals under the Zero and Free headings.

But when RamMap runs you can also see how those numbers change as processes execute, tasks get handled, services do their thing and so forth. It’s much more detailed and useful if you want that level of detail, especially if you’re hunting a memory leak of some kind.

Good stuff! Grab yourself a copy today (or you can simply run the web-based executable, to make sure you’re always using the latest and greatest version).

Cool Tools, Insider stuff, Recent Activity, Troubleshooting, WED Blog, Windows 11

Build 26120.3653 Gains QMR

March 31, 2025 Ed Tittel Leave a comment

In the latest 24H2 Beta Build for Windows 11, the OS gains a facility called Quick Machine Recovery. That’s right: Build 26120.3653 gains QMR, ready for test and use after install. Indeed, the lead-in graphic shows commands to set up a QMR test, as documented at MS Learn. (That entire article is worth a quick read for an overview and explanation of QMR’s cloud- and OS-based remediation capabilities).

Testing How Build 26120.3653 Gains QMR

On a suitably-equipped Windows 11 PC, QMR testing must first be enabled. The first of the two commands shown above handles that:

reagentc.exe /SetRecoveryTestMode

Next, you must instruct QMR to take over the PC after the next reboot. That forces QMR into action (otherwise, it kicks in only after some kind of error or boot failure):

reagentc.exe /BootToRe

This instructs the boot loader to hand the next boot over to the Window Recovery Environment. That’s WinRE, the “Re” in the command string at far right. Overall, reagentc.exe handles WinRE configuration and auto-recovery handling. It also lets admins direct recovery operations and customize WinRE images.

QMR Remediation

QMR’s magic comes from its automated ability that — in the words of the afore-linked MS Learn article — “enables the recovery of Windows devices when they encounter critical errors that prevent them from booting.” In fast, QMR can “…automatically search for remediations in the cloud and recover from widespread boot failures…”

FWIW, I see this new facility as a well-crafted Microsoft response to 2 major issues in 2024. First, there was a Microsoft security update (KB5034441) in January of that year, that rendered PCs with smaller UEFI partitions unable to boot. Second, a Crowdstrike update in July left PCs in a “boot loop” unable to start up at all. Both incidents reportedly affected 8M+ Windows PCs, but the latter caused business service interruptions lasting up to 4 days. Many of those PCs ran remotely, inaccessible without some “interesting” boot-strapping maneuvers involving KVM tools (and lots of cursewords, apparently).

Hopefully, QMR will make such debacles obsolete, and provide cloud-based mechanisms to inject remediation automatically as soon as fixes can be concocted. This could be a very good thing. It’s going to take a while before QMR goes mainstream (probably in 25H2) but it should make life easier for Windows admins everywhere.

One more thing: Sergey Tkachenko at WinAero reports “A test patch is expected to be released in the coming days, which will allow you to test the Fast System Restore feature in practice.” That will let admins try out the auto-remediation feature for real.

Cool Tools, Insider stuff, PowerShell, Recent Activity, WED Blog, Windows 11

Unintended OneDrive Consequences

March 28, 2025 Ed Tittel Leave a comment

I have to chuckle. Working on a Windows 11 revision to a data recovery story yesterday, I ran into “the law of unintended consequences.” In this case, I switched OneDrive backup on to test the Windows Backup app. In so doing, I picked up some unintended OneDrive consequences. You can see them in the lead-in screenshot.

Overcoming Unintended OneDrive Consequences

Blithely, I started using files for my primary MSA from OneDrive on that test PC. (I chose the snappy and powerful ThinkStation P360 Ultra.) Immediately, it picked up Windows Terminal environment settings from the cloud, not the local PC.

Check the lead-in graphic. The error results from running the cloud-based PowerShell profile. It references supporting infrastructure for the WinGet.CommandNotFound capability. This allows WinGet to suggest a source to install a command that

(a) PowerShell sees as undefined
(b) WinGet recognizes
(c) knows where to find
(d) can install on the user’s behalf

Read the error message beneath the failed import command at Line 8 in that output stream. You’ll see the module named Microsoft.WinGet.Client is not loaded. Translation: that module IS squared away on PC from which OneDrive supplies shared files.If it gets loaded on this machine, the error won’t recur.

Putting the (Right) Pieces in Place

The next screencap shows what I did to fix this. I looked up the instructions to get Microsoft.Winget.Client loaded. It requires two back-to-back PowerShell commands. The first handles install, the the second import:

Install-Module -Name Microsoft.WinGet.Client
Import-Module -Name Microsoft.WinGet.Client

I ran those commands on the P350 Ultra. Where requested, I provided permission to access the module gallery for the client module. Next, PowerShell said”Restart Windows Terminal.” After I did that everything worked OK. Here’s visual proof:

What you see is that PowerShell opens normally, with no error messages. Next, you see NeoFetch which shows system and OS info for some nice eye candy. But that last part is proof that unknown command handling is working as it should. I typed ‘vim‘ in at the command line (it’s a well-known text editor popular in UNIX and Linux circles, not installed by default in PowerShell). And you see the results of the Microsoft.CommandNotFound module suggesting WinGet syntax for how to install this tool if wanted.

Problem solved!

Insider stuff, Recent Activity, Thoughts & concerns, WED Blog, Windows 11

Windows 11 25H2 Rumors Aswirl

March 26, 2025 Ed Tittel Leave a comment

OK, then: there’s a growing chorus of sources predicting a new version of Windows 11 for the second half of this year, most likely in the fall. And indeed there are lots of Windows 11 25H2 rumors aswirl at the moment including: Windows Latest, Windows Central, Thurrott.com, and more. Indeed, MS has just bumped up Windows version numbering the Dev Channel to 262xx, and Windows watchers everywhere are seeing a new iteration in the offing this fall as a result.

With Windows 11 25H2 Rumors Aswirl, Here’s My Take

Given Microsoft’s annual cadence for Windows 11 updates at present, it’s no great leap of faith to see a new version coming later this year. It’s not at all unreasonable to posit from the recent change in Dev Channel build numbers that this may be the first tangible sign of what lies ahead.

Here’s my question, though: why is this hitting the Dev Channel, and not the Canary Channel? I’m a little confused as to the order and precedence among the Windows Insider channels right now (and I’m not the only one: Paul Thurrot’s afore-linked meditation on Windows in 2025 spends some cycles on wondering some of the same things).

I, too, find it challenging to keep up with 23H2 and 24H2 versions across production/GA releases, plus Canary, Dev, Beta and Release Preview channels. It seems like the Windows desktop is fracturing with lots of loosely connected box canyons that share no clear or common flow. If “a river runs through it,” it’s kinda muddy right now.

Is There Hope of Clarity or Simplification?

Going forward, I’d really like to see the number of separate tracks and trails diminish. It’s hard to keep a mental map of what’s changed where, and how things work in general and specific terms. That’s mostly because there are at least 10 different paths through Windows 11 versions right now, with no clear end to any of them in sight. Presumably, 23H2 needs to fall out sometime, but when?

Inquiring minds — including mine — would like some clarity, please. A road map would be no bad thing, either. Please help, Windows Insider team. It’s getting kinda crazy in here…

Insider stuff, PowerShell, Recent Activity, WED Blog, Windows 11

Remove Package Kills Spurious Reclaimables

March 21, 2025 Ed Tittel Leave a comment

Over the past year or so, I’ve blogged 7 times about “spurious reclaimables” in Windows 11. They persist in the component store even after DISM /StartComponentCleanup. You can see this in the lead-in graphic. Right now, in fact, the current Beta and GA releases show this behavior. Indeed, it comes from older packages that the preceding DISM command can’t (or won’t) clean out. Reading the CBS.log carefully, someone at ElevenForum figured out that a single remove package kills spurious reclaimables dead.

Running Remove Package Kills Spurious Reclaimables

A line in the CBS log file that caught long-time member and guru @Bree‘s eye. It showed up in the CBS.log via DISM … /AnalyzeComponentStore. It reads (in part):

Package_for_RollupFix~31bf3856ad364e35~amd64~~26100.1742.1.10] is a top-level package and is deeply superseded

In the component store, a top-level package is a primary package. It contains all the bit and pieces — namely files, resources, and instructions — to install or enable some specific Windows update or feature. It’s called top-level because it may contain (or be a parent to, in hierarchical terms) other, related packages and features.

What caught Bree’s attention was the “deeply superseded” phrase in the descriptive text. Normally, DISM /StartComponentCleanup doesn’t remove top-level packages from WinSxS. “What if,” he reasoned, “this were removed because of its obsolete status?” And indeed, it turns out that removing this package also removes a child package as well. And these two nogoodniks turn out to be the very same two packages that show up as spurious reclaimables when running DISM /AnalyzeComponentStore.

Doing Away With Deeply Superseded Package

If your Windows 11 still shows 2 reclaimable packages after a successful DISM /StartComponentCleanup operation, try this DISM command to remove the deeply superseded package (if it’s not the cause, this command will simply fail but won’t harm the component store):

dism /online /remove-package /packagename:Package_for_RollupFix~31bf3856ad364e35~amd64~~26100.1742.1.10

It worked on all the Windows 11 systems I tried it on, including current Beta and GA releases (5 in all). You can also regain about 1.2-1.3GB of space in the component store by following up with a DISM /StartComponentCleanup command. Cheers!

Insider stuff, Recent Activity, WED Blog, Windows 11

New Key Provides Quick Pro Access

March 19, 2025 Ed Tittel Leave a comment

I’m still working with — and on — my new Lenovo review laptop. It’s a ThinkPad T14s Gen 5. That’s a Copilot+ PC with an Intel Core Ultra 5 125u CPU, 16 GB RAM, 0.5 TB NVMe Gen4 SSD, and a snazzy touch screen (WUXGA: 1920×1200). Yesterday, I had to correct one of its few as-shipped deficits: it shipped with Windows 11 Home installed. Because I like to use Remote Desktop Access to work on Windows PCs here at Chez Tittel, I needed to switch to Windows 11 Pro. That’s OK: thanks to my MVP VS Subscriptions, a new key provides quick Pro access. How quick? Let me tell you…

How a New Key Provides Quick Pro Access

Windows 11 Home and Pro share the same core operating system files. Indeed, even in a Home installation, Pro features and functions are present if unavailable. That’s why providing a valid Pro key unlocks such features, with no need to download or install new files.

The process took all of 10 seconds, most of which involved communication with the Microsoft Windows activation servers. I typed “Activation” into Settings, then clicked “Activation settings.” This took me to Settings > System > Activation, where I clicked the Change button to the right of the Change product key option. After entering a MAK key for Windows 11 Pro (copied from my VS subscription), the legend immediately changed to Windows 11 Pro. That’s what you see in the lead-in graphic for this story.

The whole shebang took nearly no time at all. And now, I’m happily working with the T14s through Remote Desktop Connection on my left-hand monitor, as I’m typing this blog post in the right-hand one. Exactly what I wanted.

According to Copilot, the same speedy transition applies to other up-licensing as well. With the right key change, it’s just as fast to get to Windows 11 Education or Windows 11 Enterprise versions as well. And FWIW, Windows 10 works the same way. Good-oh!