Woody Leonhard's no-bull news, tips and help for Windows and Office
Home icon Home icon Home icon Email icon RSS icon
  • Gregg Keizer gets it exactly right: MS hasn’t backtracked on GWX updates

    Posted on May 31st, 2016 at 11:51 woody No comments

    When I have time (in short supply at this point), I’ll elaborate a bit with some new observations, but the bottom line is that Gregg Keizer’s article in Computerworld, No, Microsoft hasn’t backtracked from zealous Windows 10 upgrade tactics, is quite correct.

    There’s been no change in the published mechanics of the coerced Win10 upgrade since March. I still have yet to see one instance where a Win7 or 8.1 user can absolutely prove Win10 was installed without acquiescing to the Win10 EULA (which is highly obfuscatory, IMHO, but that’s another story).

    People are seeing many different forms of the “Get Windows 10” dialog. We aren’t all being tarred with the same brush.

  • MS-DEFCON 3: Get patched, but watch out

    Posted on May 30th, 2016 at 06:16 woody 66 comments

    It’s been almost a week since Microsoft re-issued the famed, feared “Get Windows 10” patch, KB 3035583. I still don’t see what’s different about it, but at least those of you with “Give me recommended updates the same way I receive important updates” turned off won’t see a check mark on the patch in Windows Update – so it won’t install.

    There have been problems with this month’s patches, but most of them are reasonably well understood. A bug in the Office 2010 patch MS16-039/KB 3158453, for example, triggered “The Windows installer service could not be accessed. ” errors and a re-release of KB 3144432. Windows 10 got a new “Update Assistant” KB 3159635 to help Win10 users still on the RTM version to upgrade to build 1511.

    I found the new Windows 7 “SP2” to be frustrating and painfully slow, but it’s only intended for folks with Win7 systems that haven’t been updated in years, or for those who are building new Win7 systems from scratch. See the comments in this AskWoody post from Noel Carboni.

    With Office non-security patches just around the corner, it’s a good idea to get your system patched. I’m going to stick with my three-month-old advice: Skip all non-security patches; only install security patches. Here’s how to do that:

    Vista: If you haven’t yet followed the trick for speeding up Windows Update scans, use the methoddescribed in this InfoWorld article to first grease the skids. Start Internet Explorer and verify (Help > About) that you’re running Internet Explorer 9. Go into Windows Update (see the Windows Update tab on this page), make sure security patches are checked and non-security patches are unchecked, then run the update.

    Windows 7: If you haven’t yet followed the trick for speeding up Windows Update scans, use the methoddescribed in this InfoWorld article to first grease the skids. Yes, that means you should install KB 3145739 manually.

    Step 1. If you haven’t checked recently, crank up Internet Explorer. Don’t use it to go to any sites, but click the gear icon in the upper right corner, choose About Internet Explorer, and verify that you’re on IE 11. If you aren’t yet on IE 11, make sure the box marked “Install new versions automatically” is checked, then click Close. That’s the easiest way to upgrade to IE 11. There may be an IE 11 upgrade sitting in Windows Update (Start > Control Panel > System and Security > under Windows Update, click Check for updates). If so, keep it checked.

    I don’t recommend that you use IE. But you need to update it, and keep it patched, because Windows still uses bits and pieces of IE in various places.

    Step 2. Run GWX Control Panel and set it to block OS upgrades.

    Step 3. Go into Windows Update (Start > Control Panel > System and Security > under Windows Update, click Check for updates). Click the link that says “XX important updates are available.” Check the boxes next to items that say “Security Update.” Last month I warned about KB 3146706, but it’s been reissued and appears to be OK. UNCHECK the boxes next to any items that aren’t specifically marked as “Security Update.” All of them.

    Be aware of the fact that one of the security patches, KB 3154070, also includes non-security patches. Microsoft did the same thing in March. It’s an IE 11 patch, so you need it, even if Microsoft is sneaking in non-security stuff.

    As noted below, if you see Windows Defender listed or the Malicious Software Removal Tool, keep it checked, too. Those are security patches, whether they’re identified that way or not.

    Step 4. On the left, click the link that says Optional. Uncheck every box that you see. Yes, I’m saying that if a box is checked, uncheck it. If you uncheck the box next to “Upgrade to Windows 10 Pro, Version 1511, 10586 box.” Windows Update will check it again for you. Don’t be alarmed. GWX Control Panel will protect you.

    Step 5. Click OK, then Install updates.

    Step 6. Back in Windows Update, on the left, click the link to Change settings. Make sure “Important Updates” is set to “Check for updates but let me choose whether to download and install them,” and uncheck the box next to “Give me recommended updates the same way I receive important ones.”

    Step 7. Click OK and reboot.

    Step 8. Run GWX Control Panel again, just for good luck. (Note: GWX Control Panel has a “Monitor Mode” option. If you choose to use that option, you won’t need to run GWX Control Panel again – it’s already running. Personally, I don’t use Monitor Mode. I don’t like to leave anything running if I don’t have to. So I run GWX Control Panel manually, twice.)

    Windows 8.1: I haven’t heard of any appreciable Windows Update speed-up by using the KB3138612 and KB3145739 trick. Follow the instructions for Windows 7, but in Step 3 go into Windows Update by right-clicking on the Start icon and choosing Control Panel.

    Windows 10: If you’re using the metered connection trick to block updates, unblock the metered connection long enough to get caught up. If you hit a problem, be sure to drop John Wink a line. The twelfth Win10 cumulative update should bring your version of Windows up to build 1511 OS version 10586.318 – what I like to call Windows 10.1.12.

    You may get a couple of stragglers — little patches that aren’t cumulative updates — KB 3147062 and KB 3152599. Those are OK to install, too. I still wish Microsoft would release individual patches like these, instead of massive cumulative updates, but…

    Office Click-to-Run: Thanks to reader Eric for an update – there was a Windows Installer issue in the April 2016 update, MS16-039. I see references to May 10 and May 25 fixes, with the latest build at 15.0.4823.1004. If you have details, I’d sure like to hear about it!

    Everybody: Either watch here on, or follow me on Twitter (@woodyleonhard) or Facebook to keep up on the latest. Microsoft’s releasing patches at a breathtaking rate. It’s a jungle out there. And if you catch something, shoot me email (click on the mail icon in the upper right corner of this page), or post a reply to this blog.

    I’m putting us at MS-DEFCON 3: Patch reliability is unclear, but widespread attacks make patching prudent. Go ahead and patch, but watch out for potential problems.

    My usual boilerplate advice:

    For those of you who are new to this game, keep in mind that… You should always use Windows Update to install patches; downloading and installing individual patches is a clear sign of impending insanity. I always install Windows Defender/Microsoft Security Essentials updates as soon as they’re available – same with spam filter updates. I never install drivers from Windows Update (in the rare case where I can actually see a problem with a driver, I go to the manufacturer’s web site and download it from the original source). If Windows Update has a patch but the box isn’t checked, DON’T CHECK THE BOX. It’s like spitting in the wind. I use Chrome and Firefox, and only pull out IE when I feel very inclined — but even if you don’t use IE, you need to keep up with its patches.

    Thanks, as always, to Susan Bradley and her in-depth work in Windows Secrets Newsletter.

  • Here’s why KB 3035583 (the much-maligned GWX patch) may appear twice on your machine

    Posted on May 29th, 2016 at 17:51 woody 12 comments

    Fresh analysis from ch100:

    This is what all the talk about KB3035583 appearing twice is all about, in case you haven’t seen it or able to reproduce.

    If I scan against WSUS, the updates not on offer in WSUS do not appear in the list of hidden updates.

    This means there are 2 lists of hidden updates, according to the reference database against which the scan is performed, in this case Microsoft Update and WSUS.

    The updates not in WSUS are KB971033 and KB3035583.

    Currently only one version of KB2952664 is on offer, the older versions being expired, unlike KB3035583 for which the older version I am expecting to see expired soon.

    Scan against Microsoft Update – takes less than 2 minutes, all other updates installed, no Office or other Microsoft software installed

    Hidden updates

    Scan against WSUS – same updates hidden as above, takes less than 2 minutes to scan

    See that in WSUS there is no such thing as Recommended, Optional. It is either approved or not. However the admin can see the difference between updates although there are more classifications available than in Windows/Microsoft Update.

    Hidden updates to restore

    It is always good to compare WSUS with Microsoft Update for reference and better understanding.

  • Time to upgrade to Windows 10?

    Posted on May 29th, 2016 at 17:36 woody 26 comments

    I’m getting more and more of this kind of inquiry. From NG:

    I live in a village of 3500 homes in the heart of the UK and write articles for our local village magazine, sometimes on computer related issues and how to protect themselves online.   Many of the readers are silver surfers and the question they are now asking with just 2 months to go is “Should I upgrade to Windows 10”. I’m perhaps the wrong one to ask as I’m still using Windows 8 after being pleasantly surprised when I reluctantly changed from XP that I could tailor the Start screen to my own needs and the whole thing wasn’t as bad as I anticipated.

    Most of the local Silvers are using Windows 7 and some Windows 8 or 8.1, which I believe mirrors usage across the world. They have basic needs and probably go along with the dreaded automatic updating. My inclination is to say :

    “if you are happy with what you have and don’t need the new knobs and whistles in Windows10 then carry on. By the time your Microsoft support ends you’ll probably want a new PC anyway, and it will come with Windows 10.” But that begs the question, when does support for 7 and 8 end?

    What would your advice to them be, stick or switch? I have until about June 19th to submit something to the magazine. Can you help a bunch of old geysers decide? (That includes me!)


    Before you Yanks jump in, you need to know that the word “geyser” in the Queen’s English is pronounced “geezer.” But I digress.

    My best advice right now is to wait. We’ll know a whole lot more about the next version of Win10 — the so-called Anniversary Update — by the middle of July. Keep watching for a final word.

    Folks need to understand that Win10 is quite different from Win7 and Win8.1 — not just the interface (which is a little different), but the fact that Win10 gives you very little control over being updated (as “Get Windows 10” victims will understand, as the advertising campaign was forced onto PCs without user consent) and it snoops more than its predecessors.

    Neither of those is horrible, but they’re important points to understand if you want to see the whole picture.

  • Drop shadows on icon text on the Windows 10 desktop

    Posted on May 29th, 2016 at 06:02 woody 6 comments

    Good, obscure question from JK:

    The titles on all my desktop icons have suddenly developed shadows.  Not the icons, just the titles.  Makes the titles hard to read, and I can’t find any way to turn the shadows off.

    Not even in your Windows 10 in 1 huge book for Windows 10 (which has helped me quite a few times).  Any help to get rid of the shadows?

    Usually that happens when you move to a white background – you don’t see the shadows with a colored background, but they become blindingly obvious when viewed on white.

    They’re called “drop shadows” and they’ve been around at least since XP times. They’re enabled by default – they’ve always been there, you probably just didn’t notice them.

    To get rid of them… Right-click Start > System. In the top box, Performance, click Settings. Scan down the list and at the bottom uncheck the box marked “Use drop shadows for icon labels on the desktop.” You might also want to uncheck “Smooth edges of screen fonts” – it’s a matter of personal preference. Click OK. Then reboot.

    Here’s the tricky part. I’ve seen Win10 refuse to follow these settings. I have no idea why, but sometimes you go through the motions, and the drop shadows are still there. (This is a big deal for people taking screenshots on white background. It has absolutely no measurable effect on performance.) If you can’t get Windows to obey the Control Panel settings, you can go into the registry and force the matter.

    Change this value:


    to zero.

  • The Win 7 “SP2” convenience rollup KB 3125574 might actually be worthwhile

    Posted on May 27th, 2016 at 13:14 woody 38 comments

    This just in from Noel Carboni:

    I now have a test Win 7 virtual machine on which I’ve installed the “convenience rollup update”, KB3125574.

    Rather than start with a clean setup I chose a Win 7 system that was up to date as of January 14, had been set to do manual updates only, and was configured for maximum privacy (e.g., settings were tweaked, telemetry jobs were disabled, etc.).   The system also had several updates hidden.

    These are the Windows Updates I had hidden on that system before installing the “convenience rollup update”.  They include GWX and telemetry, as well as the Windows Genuine Advantage update from years ago.

    • KB2952664 (diagnostics to determine whether the system will be compatible with Win 10)
    • KB3021917 (determines if performance issues will be encountered if upgrading to Win 10 and sends telemetry)
    • KB3035583 (GWX)
    • KB3068708 (Update for customer experience and diagnostic telemetry)
    • KB3080149 (Update for customer experience and diagnostic telemetry)
    • KB3123862 (Updated capabilities to upgrade Windows 8.1 and Windows 7 [to Win 10])
    • KB971033 (Update for Windows Activation Technologies)

    I have some uncommon software that allows me to see what communications are being attempted, and I can verify that this particular setup was completely quiet before the update.

    The idea here is to see whether installing the “convenience rollup update” could be useful with an existing system that’s both up-to-date or mostly so, and which had experienced some Windows Update slowness before.

    Today I installed the “convenience rollup update” from the catalog .msu file downloaded from Microsoft.

    I’m monitoring the communications carefully.  Afterward, so far, I haven’t heard an new peeps out of the telemetry software.

    I checked the various scheduled jobs and whatnot.  Pro-privacy configuration changes I had made were left in place, and disabled jobs were left disabled – which surprised me a bit given Microsoft’s recent moves.  Maybe the folks who are doing Windows 7 updates at Microsoft aren’t all bad.  Yet.

    This is good news so far; it hints that this “convenience rollup” update really might be worth using.  However, I’ve only been monitoring it for a few hours after the installation.  It needs to be running for some days (and especially overnight) before I can say with any confidence whether it’s staying quiet.   I’ll let you know if I detect anything out of the ordinary.

    Other observations:

    I tried a manually-initiated Windows Update.   It took a few minutes, then failed with hex error.  However, a notification pop-up came up shortly thereafter claiming an update was available.  I think the error may have happened because it was checking on its own after I had started the Windows Update service, and my manually initiated check couldn’t start up a second instance.

    When I clicked on the notification pop-up, this update was the only one listed as available:

    • KB971033

    After the update, this reduced list is now shown as still hidden:

    • KB3021917 (determines if performance issues will be encountered if upgrading to Win 10 and sends telemetry)
    • KB3035583 (GWX)
    • KB3068708 (Update for customer experience and diagnostic telemetry)
    • KB3080149 (Update for customer experience and diagnostic telemetry)

    As mentioned above, KB971033 is an update from years ago that will actively check to see whether Microsoft wants to deactivate your license.  I use only legitimately licensed software, but I can imagine any number of things could go wrong with that, so as a matter of course I always hide it on all my Win 7 systems.

    It was a bit of a surprise that only that update showed up as available.  What I don’t know is whether they’re trying to tell me that KB971033 must go in before I can see any other updates, or whether there just aren’t any more right now that are not included in the convenience package.  If this update is now required, that represents a change, as it has never been required before.

    Experimentation and observation continues…

    [Woody again… I had a horrible time starting with a clean Win7 SP1 and running the rollup – hours and hours of delays, odd behavior. I’ll try to write it up at some point, but my top priority right now is the second edition of Win10 All-In-One For Dummies — a Herculean task.]


  • Computerworld: Windows 10 books big growth spurt

    Posted on May 27th, 2016 at 10:59 woody 2 comments

    Good analysis by Gregg Keizer, Computerworld

  • New features in Windows 10 beta build 14352

    Posted on May 27th, 2016 at 06:51 woody 13 comments

    Start Fresh, doubling down on Windows Defender, and the beginnings of a LastPass extension that, if it ever works, should be quite remarkable.

    InfoWorld Woody on Windows