Remote Desktop App Holds Cloud PC Keys

OK, then. I’ve finally had a chance to read and learn a bit more about Microsoft’s Cloud PC offering. Indeed, it’s now finally available for subscription and use. I did not luck out and land a free trial (the offer was swamped beyond capacity within minutes of opening). Over at ZDNet, however, Ed Bott ponied up for a subscription. He reports on his experiences working with the Windows 365 Service, built around Cloud PC. His “Hands-on” story appeared yesterday and includes lots of useful info. Not least amongst its nuggets of wisdom and observation is the notion that the Remote Desktop App holds Cloud PC keys.

Why Say: Remote Desktop App Holds Cloud PC Keys?

Bott describes the “Open in Browser” button for Cloud PC as  “the simplest way to begin working with” its capabilities. His story shows useful screenshots and example. In fact, it’s well worth reading from end to end.

In that story, Bott further opines as follows:

“The browser is fine for casual connections, but you’ll have a better experience using Microsoft’s Remote Desktop client, which is available for download from a separate page on the Windows 365 dashboard. Apps are available for Windows, Mac, iOS, and Android.”

I wrote a story for ComputerWorld earlier this year called “Windows 10’s Remote Desktop options explained.” Its conclusion starts with the heading “The future of Remote Desktop.” In that section I put forward the guess that “URDC [the store app for Remote Desktop depicted as the lead graphic here] and MSRDC [an enterprise version of the same tool] will become much more important and capable clients than they are right now.” I also expressed the idea that this might spell the waning days for the old Remote Desktop application (mstsc.exe). I believe Mr. Bott’s story just proved me right, to my great relief.

What Remote Desktop Brings to Cloud PC

In short, it makes interacting with Cloud PC just like any other remote PC session. It permits full-screen (and even all displays in multi-monitor set-ups) operation and works just like desktop access over the network. Of course, that’s what it is, so this is no surprise.

What is surprising is what Bott report about Cloud PC performance. Not much lag, with only “momentary display glitches” for graphics-heavy apps, and “general productivity apps like Office perform just fine.” His only compatibility issue came when trying to connect to a Gmail account with Cloud PC (the server didn’t accept Outlook authentication dialog boxes, but Bott did access the account using the built-in Mail app and via MS Edge).

Bott’s economic analysis of Cloud PC is also interesting. At a minimum of US$20 per month (single vCPU, 2 GB RAM, 64 GB storage) — useful for what he describes as “only the most lightweight tasks” — it offers no significant value-add for home or small business users. For larger businesses, though, I think he observes correctly that the simplicity of Cloud PC (operable from any Internet-attached device including PCs, tablets and smartphones) could appeal to and might even cost less than deploying a managed and secured company-owned PC to employees at home (and other remote locations). It also lets remote users work from familiar local platforms already to hand and might even boost productivity.

So far, I very much like what I’m seeing and reading about Cloud PC. But that’s not the same as trying it out for oneself.

From Reading About to Hands-On

Next, my goal is to figure out how to get involved with Cloud PC myself. I’ve already floated the question with the Windows Insider MVP program if they can’t make  such subscriptions available as part of the award benefit.

But just because I think they should, doesn’t mean they will. In that case, I’ll have to carefully examine the family exchequer to see if it can float the $492 a 1-year subscription for a suitably equipped Cloud PC would cost. By hook or by crook, though, I want in! Stay tuned: I’ll keep you posted…

Facebooklinkedin
Facebooklinkedin

Updates Require Balancing OCD Against Time

I can’t help it. Tinkering with my PCs gives me great joy. I also love to check up on them at regular intervals. I work to keep the OS, drivers, apps and programs current and correct. But I learned long ago that it takes time — often, too much time — to attain absolute perfection. Or perhaps I should say “total update coverage” instead? Indeed, updates require balancing OCD against time. One must know when to quit or give up looking for elusive elements. Thereby hangs today’s tale…

If Updates Require Balancing OCD Against Time, How Much Is Too Much?

I use a couple of good tools to help me track non-OS updates for programs. The Store does a good job of keeping up with most apps. WU does well enough by me with the OS. For drivers, I rely on reading TenForums and ElevenForum to keep up. I also hasten to add that Windows 10/11 both do a good job of handling drivers on their own. That means I concentrate on Nvidia GPU drivers, output from the Intel Driver & Support utility, news about Samsung NVMe drivers, Realtek UAD audio drivers, and — occasionally — Thunderbolt drivers. The rest of them take pretty good care of themselves, though I do rely  on DriverStore Explorer to keep an eye on them, and to purge duplicates and oldies from time to time.

I use the free and excellent PatchMyPC Home updater to handle all the updates it can find. (It provides this story’s lead graphic, in fact.) Why? Because it is set up to silently install updates without requiring human intervention and action. I like that. But I also use the free version of KC Softwares’ Software Update Monitor (aka SUMo) because it finds more apps and programs than PatchMyPC does. That said, I wouldn’t recommend paying for its commercial version because their behind-the-scenes engineering for downloading updates is hit or miss. And the misses happen too frequently for me to want to pay US$30 per PC to grouse about them further. If SUMo finds a program that needs updating, you need to get and apply the update yourself.

Where to Draw the (Update Search) Line

In working with these tools, I’ve learned to spend no more than 10 minutes trying to get any individual item updated. Sometimes, SUMo reports updates available that I just can’t find. For example, SUMo has had me chase DolbyDAX2DesktopUI versions on multiple occasions that I can find nowhere online (though items that present themselves as valid links do pop up they lead only to the Dolby.com homepage).

After one or two revolutions when going around in circles, I’ve learned to give up. I also don’t worry about minor version discrepancies, especially when I know PatchMyPC will catch up to SUMo soon. Case in point: I just updated one of my Lenovo X380 Yoga ThinkPads. PatchMyPC took CrystalDiskInfo to version 8.12.4.0 only for SUMo to tell me I needed to upgrade it to 8.12.5.0. I know if I wait a while, PatchMyPC will get me there without me having to visit CrystalDewWorld, and then download and run the installer myself. So, that’s where I draw the line to avoid too much lost time. You can, of course, draw lines as you see fit.

According to eminent anthropologist Gregory Bateson, the 18th century British poet and artist William Blake said “Wise men see outlines and therefore they draw them.” Blake also said: “Mad men see outlines and therefore they draw them.” Wise or mad, I think drawing lines is an important part of managing how one spends time and effort. Don’t you?

Facebooklinkedin
Facebooklinkedin

Dev Channel Downgrade Raises Flightsigning Mystery

OK, then. Yesterday I posted here about the conditions under which Insiders can downgrade from Dev Channel to Beta or Release Preview channels. Today, there are reports that Insider Preview stuff may go missing in SettingsUpdateWindows Insider Program if you follow that advice. At the same time MS Insider Team member Eddie Leonard has posted a fix for same at Answers.Microsoft.com. As you’ll see in his step-by-step fix advice below, the Dev Channel downgrade raises Flightsigning mystery because it’s key to that fix. Here are those details, quoted verbatim (I changed the text color to red on the key term to make it stand out):

 

1. Click on Start
2. In the search box, type cmd
3. In the lower right of the search results, under Command Prompt, click Run as Administrator
4. On the UAC prompt, click OK
5. At the elevated command prompt, type: bcdedit /set flightsigning on
6. Press Enter
7. At the elevated command prompt, type: bcdedit /set {bootmgr} flightsigning on
8. Press Enter
9. Reboot the device

How do you know if you’ve got this problem? You’ll see a screen that looks like the one from the lead-in graphic (also cribbed from Eddie’s Answers Fix info). Notice that only the “Stop getting preview builds” choice appears, when you should also see choices for “Choose your Insider settings” and “Windows Insider account.” The preceding fix explains how to get those items back, and restore Windows Insider Program capabilities along the way.

Researching Dev Channel Downgrade Raises Flightsigning Mystery

Of course that raises more questions — namely:
“What is flightsigning?”
“Why must it be turned on (twice)?”
I have no answers for these questions just yet, but I’m digging in. There’s a 2014 TechNet article “What is flightsigning?” It raises the question and provides the glimmer of an answer from bcdedit tool help “Allows flight-signed code signing certificates.” It also says “These are certificates used during the Windows development process and chain to an internal root.” Documentation simply says:

“…this command will enable the system to trust Windows Insider Preview builds that are signed with certificates that are not trusted by default:”

I’m guessing that downgrading from Dev Channel may somehow alter these certificate checks. Further, I believe Beta and Release Preview channels must have them turned on by default. Switching from Dev to lower channels requires them to get turned back on and enabled in the boot manager before Insider Program info can show up.

But details are sparse and documentation terse and limited. The BCDEdit command-line options at MS Docs mentions flightsigning only in passing (see “Changing entry options”). Even the GitHub info from MS Docs doesn’t say much about flightsigning. There’s also a tantalizing post at OSR.com about “New test signing options.” But not a lot of hard or explanatory info.

I’ll keep digging. But if anybody has other sources or info, please comment or use the website’s Contact form to send me an email. All input gratefully received.

 

Facebooklinkedin
Facebooklinkedin

Downgrading Dev Channel Is Now Sometimes Possible

Here’s an interesting tidbit from the July 29 version of Microsoft Docs “Deeper look at flighting.” And of course, as the lead sentence reads “Flighting is the process of running Windows Insider Preview Builds on your device.” In an amendment to prior policy, downgrading Dev Channel is now sometimes possible for test PCs or VMs. Let me explain…

What Downgrading Dev Channel Is Now Sometimes Possible Means

The key to switching without requiring a clean re-install (the prior policy in all cases) is that the Dev Channel must have the same or lower Build number than the target channel. That means switching from Dev Channel to another channel requires users “to find your current build number and compare it to the current build number in the channel you wish to switch to.” Build numbers appear in the output from winver.exe, and in Start → Settings → System → About.

I quote the step-by-step process verbatim from the previously linked flighting document:

  1. Open Settings > Windows Update > Windows Insider Program.
  2. Select Choose your Insider settings.
  3. Select the desired channel, either Beta Channel (Recommended), or Release Preview Channel.
  4. The next time you receive an update, it will be for your new channel.

This will make the process of downgrading channels simpler. It also provides an “exit strategy” for Dev Channel PCs. Prior policy insisted that the only escape from Dev Channel could be a clean re-install of some other Windows version. The other channels have always offered the option to drop back to production/RTM versions when they become available. This extends that out to Dev Channel, but requires two steps to get there: first drop back to Beta or Insider Preview, then drop back to production/RTM. Good stuff!

Why Am I Telling You This … Now?

As you look at the WinVer output from Dev Channel (left) and Beta Channel (right) in the lead graphic, right now the Build numbers are the same. That means that you can downgrade Dev Channel PCs as I write this story. Given that MS hasn’t released a Dev Channel build in a while this can’t last forever. If you want to try it out, act fast — or wait for the next synch-up. Your call…

Facebooklinkedin
Facebooklinkedin

Pondering Windows 11 Hardware Requirements

The Windows user community is abuzz with reactions and concerns about what it takes, PC-wise, to upgrade to Windows 11. This has many people — myself included — pondering Windows 11 hardware requirements.  For the record, Microsoft Docs states those things clearly on the Windows 11 requirements page. (Indeed, the bulleted list below is cut’n’pasted from that source) :

    • Processor: 1 gigahertz (GHz) or faster with two or more cores on a compatible 64-bit processor or system on a chip (SoC).
    • RAM: 4 gigabytes (GB) or greater.
    • Storage: 64 GB* or greater available storage is required to install Windows 11.
      • Additional storage space might be required to download updates and enable specific features.
    • Graphics card: Compatible with DirectX 12 or later, with a WDDM 2.0 driver.
    • System firmware: UEFI, Secure Boot capable.
    • TPM: Trusted Platform Module (TPM) version 2.0.
    • Display: High definition (720p) display, 9″ or greater monitor, 8 bits per color channel.
    • Internet connection: Internet connectivity is necessary to perform updates, and to download and use some features.
      • Windows 11 Home edition requires an Internet connection and a Microsoft Account to complete device setup on first use.

Pondering Windows 11 Hardware Requirements Leads to Upgrade Plans

Of the 10 systems currently on the premises here at Chez Tittel, only 3 of them fail to meet the afore-stated stipulations. Those 3 systems are:

1. My production desktop PC, whose i7-6700 misses the CPU cut-off by one Intel generation. It also lacks TPM 2.0.
2. My son’s desktop PC, whose i7-4770K (built in 2014) is pretty long in the tooth. It’s overdue for an upgrade anyway. It too, lacks TPM 2.0 support.
3. My 2014 Surface Pro 3 sports another 4th-gen Intel processor, an i7-4650U. No TPM 2.0 here, either.

I will upgrade both desktops (systems #1 and #2 above). The parts for #2 arrived this weekend and I’ll be upgrading that system sometime this week. It’s going to be a Ryzen 5800X. Its B550 mobo offers TPM 2.0 emulation as part of a broad range of capabilities. I plan to upgrade my production desktop next month, or the month after, to be ready for an October Windows 11 production release date.

Keeping an Eye on Windows 10

Usually when a new OS version comes out, I abandon the previous one completely and move wholesale to the new version. I won’t be able to do that with the Surface Pro 3 (#3 above) so I’ll keep it running Windows 10 as long as it can.

EOL for Windows 10 is October 2025, so that’s going to be a while yet. In fact, if all goes to plan I may be retiring that year myself assuming my son also manages to graduate from college in 4 years. (Alas, that’s not always a safe assumption: both of my step-kids took 5 or more years to earn their bachelor’s degrees, and my sister’s 2 are on the same course. I’m resigned to the notion that it may take him 5 years to finish a bachelor’s, because that’s become such a norm.)

Why I’m Basically OK with MS Requirements

I’m not as bent out of shape by Microsoft’s requirements cut-offs as many people seem to be. I understand one must draw the line somewhere, and that hardware-level security has made dramatic strides in the past half-decade. I’m assuming that’s why MS drew the line at 8th generation Intel (Coffee Lake) CPUs and AMD and ARM processors of similar vintage.

These cut-offs take us back to 2017, nearly 5 years back from the upcoming Windows 11 release date (more or less expected for October). Because TPM (via emulation) is part and parcel of all such systems, by and large, it’s not really an additional hurdle unless users bought older motherboards for newer processors in the 2017-2018 timeframe.

For some fascinating viewpoints and issues on this topic, check out the ElevenForum thread “Update on Windows 11 minimum requirements.” As I write about this conversation, it already boasts numerous items (including my own at #212). There are sure to be many, many more before all is said and done. That said, it’s worth a read-through. Lots of good opinions and ideas, pro and con, and good reflection of the state of the user community.

 

Facebooklinkedin
Facebooklinkedin

Slow Charger Warning Means Underpowered Thunderbolt Dock

Here’s one I haven’t run into before. I wanted to use multiple USB-C ports on my Lenovo X390 Yoga yesterday. Alas, it has but one. So I plugged it into a Lenovo Thunderbolt 3 Gen2 dock the company sent me. Even though it was for another computer I expected all itches properly scratched. Instead I learned that a slow charger warning means underpowered Thunderbolt dock at work. In fact, by the next morning, the battery was exhausted and the laptop inert, amidst a massive PC-to-iTunes music conversion.

Given Slow Charger Warning Means Underpowered Thunderbolt Dock, Then What?

Find a workaround, obviously. Luckily the X390 sports two USB 3 ports. I used one for the drive dock where the music files resided, and the other for the iPhone 12’s Lightning-to-USB cable. I ended up not using USB-C at all (except for power from the dock and then the brick later on).

In fact, the Lenovo Dock claims to support “up to 65W power charging.”  And indeed, the X390 needs 65W of power delivery. But obviously, something wasn’t right. In fact, Reliability monitor showed an APPCRASH from PowerMgr.exe at 7:12 this morning. I guess that’s when the battery finally died. When I saw the error message after this morning’s walk I switched back to the regular power brick and the music transfer continued without further hitches or delays.

The moral of this story appears to be: if notifications ever tell you there’s a “slow charger” at work, you’d best use a different power supply if you want to keep your laptop running indefinitely. Lesson learned for me, for sure!

Note Added August 2: Reader Concurs

I got a comment from a LinkedIn member on this post that cites to issues with some docks and power bricks. Apparently these devices struggle to service peripherals and keep the battery charged at the same time. Interesting!

Facebooklinkedin
Facebooklinkedin

Beta Channel Insiders Get Windows 11 Offer

On July 22, I noted that my Insider Preview test machine hadn’t yet received a Windows 11 upgrade offer. This, despite assertions that such an offer was “coming soon” raised my curiosity, if not my ire. “Where’s mine?” I asked in the covering tweet for that story. Turns out it was where everybody else’s was, too: nowhere (not here yet). But yesterday, July 29, MS opened the Windows 11 floodgates to the Beta Channel. Thus, like many others, I witnessed and participated as Beta Channel Insiders get Windows 11 offer.

If you check the lead graphic for this story above, you’ll see the Beta Channel status window at right. It appears alongside Winver.exe output left, that shows this PC running Windows 11.

When Beta Channel Insiders Get Windows 11 Offer, What Next?

Just for grins, I timed the download and install processes for the new OS. I’m guessing server demand was high, because both took some time to complete. Download took 14:42, and Install took another 28 minutes and a bit more. Normally, OS download occurs in 5 minutes or less. Of course, the installation time is all on the local PC, so the servers have nothing to do with that.

Reliability Monitor also shows 3 “Stopped working” errors just after installation completed, while post-install updates and clean-up were underway. These included:

  • FwdUpdateCmd: a Lenovo System Update Plug-in, which probably hasn’t been updated and/or vetted for Windows 11 yet.
  • UsoClient: shows a BEX64 error, which usually indicates some kind of issue with Outlook. Interesting, because I don’t have MS Office installed on that PC. Might be related to the built-in Office trial.
  • Audio device graph isolation (audiodg.exe) shows an APPCRASH error, with CX64APO.dll as the faulting module. I recognize this as related to the Conexant audio driver present on the X380 Yoga. This is probably a driver hiccup incident to installation. From what I can see in Driver Store Explorer (RAPR.exe), all the current drivers are now stable and correct.

As I’ve been doing with Windows 11 on Dev Channel PCs, I’ll continue to explore, play and learn. I remain favorably impressed with this new OS, and look forward to learning and doing more with it in the weeks and months ahead. And yes, I’m glad to finally have another upgrade show up through “official channels.”

Facebooklinkedin
Facebooklinkedin

MS Makes LTSC Sole Windows Server Release Channel

When you think about it, here’s a sensible move. Windows Server is the kind of platform that organizations want to stand up, get right, and leave alone. There’s little need for personalization, and it doesn’t need desktop tweaks. In fact, Server is really a background thing. It  holds up the “you ask, I answer” side of client/server. architecture. Then, too, MS put containers and microservices under the Azure umbrella. That’s why, I think, that MS makes LTSC sole Windows Server Release channel.

Why MS Makes LTSC Sole Windows Server Release Channel

A July 26 Microsoft Docs item spells things out. It’s entitled Windows Server release information. This quote explains things (emphasis mine):

The Semi-Annual Channel in previous versions of Windows Server focused on containers and microservices, and that innovation will continue with Azure Stack HCI. With the Long-Term Servicing Channel, a new major version of Windows Server is released every 2-3 years. Users are entitled to 5 years of mainstream support and 5 years of extended support. This channel provides systems with a long servicing option and functional stability, and can be installed with Server Core or Server with Desktop Experience installation options. The Long-Term Servicing Channel will continue to receive security and non-security updates, but it will not receive the new features and functionality.

Organizations can migrate if and when compelling new features emerge. It’s arguable this change makes a virtue of necessity. Why say that? Most organizations upgrade servers no more often than once every 2-3 years (or longer) anyway.

On balance, I think this is a good move. For developers, it means building, testing and maintaining fewer releases . That is good news for everybody. Developers can build more cool new stuff. Admins face less busy work. This means shorter, simpler scheduled updates. And because updates often happen over long weekends, it means more holiday time with family and friends. That’s a real win-win!

Facebooklinkedin
Facebooklinkedin

21H2 Preview Experiences After Two Weeks

I’ve got one lone test machine running the “other path” for older Windows hardware — namely the 21H2 Feature Update released on 7/16/2021. Here, I recite my 21H2 Preview Experiences after two weeks. While I’ve not encountered any show-stoppers, the Reliability Monitor report that appears above says it all. As is not untypical for new release forks, this one’s got some minor gotchas.

Summarizing 21H2 Preview Experiences After Two Weeks

I’ll start with a list of all errors reported in the foregoing Reliability Monitor screencap.

Date Source Summary
16-Jul Windows Hardware error
17-Jul Windows Update Medic Service Stopped working
Search application Stopped working and was closed
Search application Stopped working
18-Jul Windows Desktop Gadgets Stopped working
21-Jul PWA Identity Proxy Host Stopped responding and was closed
Windows Desktop Gadgets Stopped working

Upon examination, the error sources mostly originate from Windows itself. Only Windows Desktop Gadgets (which occurs twice) is a third-party app. The rest of the stuff is OS components, hardware, or built-in Windows apps.

IMHO, this kind of behavior is typical for a new release fork. It indicates a shakeout from current preview status on the way to something more stable. It’s only July and the release probably won’t happen until October, so there’s still plenty of time to get things right. If what I’m seeing right now is any indication, what needs fixing is mostly minor stuff.

I would say this augurs well for those who plan to upgrade to 21H2 on production PCs. If your PCs won’t meet Windows 11 upgrade requirements, they should be able to run Windows 10 until EOL in October 2025 without too much fuss or bother. Good stuff!

Facebooklinkedin
Facebooklinkedin

Vexing Windows 11 Antimalware Platform Update Issues

Right now, I have two PC dedicated to Windows 11 testing and learning. Just recently, I discovered some vexing Windows 11 Antimalware platform update issues. The short version is: one of my PCs is up-to-date. It’s no longer subject to Automatic Sample Submission reset to off following each restart. Alas, the other remains stubbornly stuck on an earlier Antimalware platform release. None of the update options available work, so I can’t get no relief. Let me explain…

Fighting Vexing Windows 11 Antimalware Platform Update Issues

First, let me be clear. This is a known and documented Windows 11 issue. It’s been around since the initial release hit. Indeed, a fix exists: when the Antimalware Platform version gets to 4.18.2107.4 or higher, the problem disappears. For the record that problem is depicted in this story’s lead-in graphic. After every reboot, the Automatic Sample Submission feature for virus uploads in Defender is turned off. The feature is easy to turn back on, until the next reboot. OCD OS maintainer that I am, the workaround isn’t enough for me. I want it fixed, for good, now.

Here’s the vexing part. WU hasn’t yet deigned to update the antimalware engine behind the scenes. Ditto for the Protection updates option in Windows Security. There’s a registry hack documented on a related ElevenForum thread. There’s even a manual Defender update download that’s supposed to take the Antimalware engine release to 1.2.2107.02. It comes in a file named defender-update-kit-x64.zip. Alas, inspection of said update file shows the Antimalware engine to be 4.18.2015.5. It’s too old to fix the issue, in other words. Thus, no relief just yet, shy of a permanent registry hack.

The Perils of Perfectionism

Yes, I could hack the registry to turn this off. But I’d have to unhack it again when the fix finally shows up on the X380 Yoga that’s affected. I’m going to have to wait for WU to get around to providing me the latest antimalware engine on its own, or find a newer manual update. Alas, that’s the way things go sometimes, here in Windows-World. Oddly, I find myself hoping for a new Windows 11 build, in hopes the latest antimalware engine will be part of its contents. Stay tuned: I’ll let you know how all this shakes out.

Note Added August 4: Update Came!

Thanks to long-time and active TenForums and ElevenForum user @Cliff S, I learned this morning that Antimalware Client Version 4.18.2107.4 arrived via WU. Checking my own previously stuck test machine, I saw it too, had gotten this update. And now, my PC no longer reverts to Automatic Sample Submission=Off after each reboot. Fixed!

I’ve also determined this version is available through the Microsoft Update Catalog. Search for KB4052623, and grab the correct version, if WU doesn’t come through for you.

 

 

Facebooklinkedin
Facebooklinkedin

Author, Editor, Expert Witness