AskWoody
|
MS-DEFCON 2:
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it.
|
-
All roads lead to Win10 1909 — but you can take your time
Posted on November 18th, 2019 at 01:15 Comment on the AskWoody LoungeWOODY’S WINDOWS WATCH
By Woody Leonhard
For a change, Microsoft is letting everybody decide when to upgrade to the latest release of Win10 (Version 1909) — provided they’re already running the penultimate version, Win10 1903 (and in some cases Version 1809).
That’s good news, and it represents a sea change in Microsoft’s pushiness.
Read the full story in AskWoody Plus Newsletter 16.42.0 (2019-11-18).
-
A time-saving shortcut for new-PC setups?
Posted on November 18th, 2019 at 01:10 Comment on the AskWoody LoungeLANGALIST
By Fred Langa
What are the pros/cons of copying the entire contents of the “Users” folders to a new PC, en masse?
It’s a very fast way to move user data into a new PC, but what else might be going along for the ride?
Plus: Great resources for testing firewalls and routers, and is it safe to use a high-rated battery charger on a low-rated device?
Read the full story in AskWoody Plus Newsletter 16.42.0 (2019-11-18).
-
Ready or not, Win10 Version 1909 is here
Posted on November 18th, 2019 at 01:05 Comment on the AskWoody LoungePATCH WATCH
By Susan Bradley
The September Windows 10 feature release … um … no, the November feature release — well, in any case, the 1909 version is finally out.
This time around, Microsoft is apparently doing something new that just might take some of the pain out of upgrading Windows 10. As Woody notes in a Computerworld column, Version 1909 has the feel of a Windows 7–style service pack.
Read the full story in AskWoody Plus Newsletter 16.42.0 (2019-11-18).
-
Working outside an admin account: Safe but annoying
Posted on November 18th, 2019 at 01:00 Comment on the AskWoody LoungeWINDOWS
By Lincoln Spector
You’ve probably been told to have both a standard Windows account for safety’s sake and an administrator account because Windows demands one.
But let’s face it, most of us have ignored this advice because … well, juggling two accounts isn’t much fun. It’s especially annoying when using a standard account and you’re constantly asked for the password proving you’re allowed into the administrator sanctum. It’s worse when you’re not asked for the password — and you have to figure out how to bring up the dialog box for entering it.
Read the full story in AskWoody Plus Newsletter 16.42.0 (2019-11-18).
-
Canadian Tech: How to rebuild a Win7 system with minimal snooping
Posted on November 17th, 2019 at 09:31 Comment on the AskWoody LoungeFor those of you who need (or want) to rebuild a Win7 system, but don’t want to get stuck with all of the “telemetry,” Canadian Tech has a detailed checklist that covers what you need and what you don’t. I’d appreciate your comments.
Remember that we don’t know what data Microsoft scarfs with its telemetry updates. I have a sneaky suspicion that it’s not very different from the telemetry in Win10.
From Canadian Tech:
Rebuild — Windows Update (September, 2019)
Windows Update had been a standard of security that was heavily relied upon by scores of Windows users for decades. Applying the once monthly updates became a mandatory ritual that most all Windows owners followed. Windows Update is by default automatic. For all those decades it worked largely flawlessly.
Unfortunately, the quality of Windows Updates has fallen off badly. This has given rise to numerous defective updates that cause a whole range of problems. Many updates are re-issued, some many times over.
Coincident with this falloff in quality, starting just after Microsoft ended Windows 7 development (December 31, 2014) and began security-only “support,” Microsoft changed the objectives of these updates from primarily security-only, to feature-related along with security. The “features” often contain(ed) changes to Windows 7 that some owners did (do) not want. At first they could selectively reject specific updates. October 2016, Microsoft changed the way it assembled updates in a way that no longer allows people to be selective. They call this new type of update “Roll-ups”. These Roll-ups are an all or nothing kind of deal, that includes all manner of “updates” that are largely unpublished. There is a way to get just the security updates, but it is complex and fraught with problems unless you are a serious technician. Therefore out of reach of most people.
Best advice is to set Windows Update setting to “Never check for updates.” Unfortunately, that means Windows Update no longer works automatically, but requires the user to manage the update process. However, this is the only way to take control of the situation. Enterprise IT folks have always done it this way.
If you really must continue to update, in spite of my advice to not do so, do NOT do updating until the day before the next cycle begins on the 2nd Tuesday of the month. That allows time for most of the erroneous updates to get fixed. Woody Leonhard, a tech writer extraordinaire, operates a web site, which does an excellent job of advising on Windows Update. It features his MS-DEFCON rating system that tells you when NOT to update, and when to do so. There is even a section on his web site www.askwoody.com, that specifically deals with Windows 7 updating.
The security-only crowd (Woody calls them Group B) was popular at first but by June of 2017, that strategy fell apart because defects in security only updates got fixed in the “roll-up updates.” So, that made security only updating impractical for all but the most technically competent.
Woody’s recommendation is that Windows 7 owners should stick to Group A, which just accepts all Microsoft roll-up updates and simply allows whatever changes Microsoft decides to make.
Another group, Group W, of which I am a member, simply does no further updating. That group has decided the risk of not applying updates that could immunize your system from some disease, hacker or virus is a lesser risk than applying updates and allowing your system to become something you would not buy if you had a choice, or risk having defective Microsoft updates fouling your working system. Of course this strategy includes some other choices that become far more critical: A very good antivirus program, switching to a browser that will be updated and therefore be more secure, and the acceptance that the January 2020 date that Microsoft has set for the end of updates for Windows 7, has already come.
At this date, I support 122 Windows 7 systems, and have for 16 years now. None of these are enterprise systems, just home PCs. All systems have a major Anti-virus product that I have selected. Most have switched to Chrome browsers, which no longer requires the security problem prone Adobe Reader, Adobe Flash Player or Java. These three programs are needed by Internet Explorer, but not by Chrome, and are a common hacker/virus attack vector. The fact is that the Chrome browser is now in use by more than 2/3’s. None of these systems have versions of Microsoft Office any more recent than 2010. None of these systems has had Microsoft updates since May, 2017. That is 30 months now. Not a single one of them has had a problem of any kind. In fact, my support activities have fallen off by at least 75% as these systems have become so stable and reliable that problems just do not occur. Most of my work is now hardware maintenance.
When I re-build a system, I follow a very specific process of updating. Note well that I do not apply any updates after May 2017:
Please remember to do a very complete backup of your data. Use the Windows Easy Transfer tool (part of Windows &) to create a special file that includes most of your data and all the myriads of settings you have done to personalize your system. Be prepared to re-install application programs that you want.
- Use a Win7 install disk with SP1. This disk need only match the product type (home, pro, etc.) an bitness (32 or 64) of your Microsoft Product Key
- Select Custom, not Upgrade
- Switch to advanced and Delete all partitions. Only one logical partition – C:, which will be created by the installer.
- After install, install network drivers if not installed already. Then activate.
Do NOT install anything until all Windows Updating is completed. Not even antivirus.
- Set Windows Update to Never
- Download and install either one or two updates manually. ***Note exception below if not starting with SP1 disk. In most cases only the first (KB3138612) of these is needed. If that produces a result that says the update is not appropriate for your computer, you need to first install the 2nd of these (KB3020369), then install the first (KB3138612). Choose the one that is for your machine — 32 bit (X86) or 64 bit (X64).
KB3138612
32 bit,
https://www.microsoft.com/en-
us/download/details.aspx?id= 51208 64 bit
,https://www.microsoft.com/en-
us/download/details.aspx?id= 51212 KB3020369:
32 bit
https://www.microsoft.com/en-
us/download/details.aspx?id= 46827 64 bit
https://www.microsoft.com/en-
us/download/details.aspx?id= 46817 - Switch from Windows-only updates to Microsoft updates
- Reset Windows Update setting to Never
- Start Windows Update
- When a list of updates is offered (likely nearly 200 or so), refuse the following updates by right-clicking on them and choosing hide
Anything labeled Roll-up, with the exception of .net roll-ups
Any update that is NOT described as “Security” whose issue date is later than December 31, 2014. That is the date Windows 7 development ended.
Any update that is labeled Security that is dated after September, 2016
Any Office update whose issue date is later than May 2017, displayed on the right
You do not want any optional updates
*** If you cannot find an SP1 install disk, the step where the 2 specific updates (KB3138612 and KB3020369) described and linked above does not get done until the updating process installs SP1.
- Install any missing drivers, using drivers downloaded only from the OEM support page.
Install the following Security-only updates for October 2016 through May 2017.
You can find an excellent guide on this topic at:
You do not need to restart until all these updates are completed. When you do restart, it may take a while to process it and get back to your desktop screen
- October, 2016 KB3192391:
64 bit:
32 bit:
- November, 2016 KB3197867
64 bit:
32 bit:
- December, 2016 KB3205394
64 bit:
32bit:
http://download.windowsupdate.
com/d/msdownload/update/ software/secu/2016/12/ windows6.1-kb3205394-x86_ e477192f301b1fbafc98deb94af80c 6e94231e54.msu - January, 2017 KB3212642
64 bit:
http://download.windowsupdate.
com/c/msdownload/update/ software/secu/2017/01/ windows6.1-kb3212642-x64_ f3633176091129fc428d899c93545b dc7821e689.msu 32 bit:
http://download.windowsupdate.
com/c/msdownload/update/ software/secu/2017/01/ windows6.1-kb3212642-x86_ d5906af5f1f0dc07a5239311b16961 9ce255ab12.msu - February, 2017. There were no updates this month
- March, 2017 KB4012212
64 bit:
32 bit:
- April, 2017 KB4015546
64 bit:
32 bit:
- May, 2017 KB4019263
64 bit:
32 bit:
- May, 2017 IE update KB4018271
64 bit:
32 bit:
Microsoft Office: install in the usual fashion, then run Windows Update again. Do NOT install any Windows update of any kind. Un-check each and every one of them. Then carefully go through the Office Updates offered. Simply select the first with one click, look to the right for the date of issuance. If that date is later than Mayy, 2017, un-check it. Then proceed to the update process. In other words, you only want office updates that were offered prior to June 2017.
After Windows 7, system drivers and all updates are installed and any stable applications like Microsoft Office are installed and updated, and before any data or dynamic applications are installed such as antivirus software, create a system image. It will take 3 or 6 DVD +Rs (not -Rs) and about an hour. When you are done you will have a very nice bit of insurance. Should you ever again need to re-build a corrupted system or replace a hard drive, you will have a precise duplicate of your system as it is at this point. You can restore that image to a hard drive in 20 to 60 minutes. Creation of System Image is found in your menu under Maintenance, Backup and Restore.
Another great feature about creating the image is that you do not need an install disk or a product key to do the re-install the next time, all your drivers will be installed and you will have saved yourself all the time you put in this time, and have a complete functioning system.
You will, in fact, have a final-state Windows 7 installation which could run on this particular computer as long as the computer hardware itself holds up and the software you prefer is still usable. Your system will already be activated and you will not need an install disk or Microsoft Product Key again. In fact, Microsoft could evaporate, and your Windows 7 system would still function just fine, even if you had to install a new hard drive.
I emphasize the need for PLUS R DVD blanks. Do not use the more common MINUS R DVD blanks.
- Install software, ending with antivirus software.
- Then copy your data into the newly created system.
-
Please say goodbye to my Sainted Aunt Martha
Posted on November 16th, 2019 at 07:56 Comment on the AskWoody Lounge
Those of you who have been reading my stuff for a while no doubt recall my Sainted Aunt Martha. She’s the prototypical kind and gentle lady who doesn’t understand computers but wants to use them anyway, and needs to be protected in a no-interaction-required sort of way.I’m sure everybody has a Sainted Aunt Martha in their families.
I’m very happy to announce that MY Sainted Aunt Martha just passed comps for her Ph.D. in CS. So I won’t be using her as a role model any more.
I do, however, have an uncle who uses computers but doesn’t understand (or want to understand, or need to understand) them. Have to think of a name for him…. Suggestions?
-
When Windows 10 Feature Updates don’t go smoothly
Posted on November 15th, 2019 at 21:45 Comment on the AskWoody LoungeLast weekend, I decided to bite the bullet and update a Win10-1803 Pro machine to Win10-1809, using Windows Update. I’d taken a system image backup, and as it wasn’t my production machine, I wasn’t too worried.
This machine is under a year old, a purchase necessary when a hardware failure put paid to my trusty Win7 Pro laptop. It allows me to work more than I can manage at my desktop, and does most of the hard yards online, especially here.
Windows Update installed 1809 x64 2019-10B – this was before Woody changed MS-Defcon from 4 to 2. It took 20 minutes to Prepare to Install, and nearly 2 hours to download, and several hours to install.
Needless to say, it didn’t go to plan… The first indication of a problem was after several hours of installing, when a blue screen appeared bearing the words “Stopcode” and “Bad Pool Header”. It restarted, still on 1803, pending install. It continued installing. Eventually it restarted, and I was able to see KB 4521862 and KB 4519338 had installed – along with a bunch of drivers being updated, when the Pro settings were not to download drivers from Windows. I also noticed I hadn’t had to reset the Metered Connection settings to allow the update to download!
After it finished its update, it wasn’t working properly. It looked fairly normal, but restarting started problems – none of the visible desktop items actually worked – not the Start button, any of the TaskBar icons, or anything other than the Ctrl>Alt>Del routine.
I tried Sign Out. It took ages. It caused a loop of: Hi; We’re getting everything ready for you; This might take several minutes – don’t turn off your PC (that part remained until it got to Hi again); Leave everything to us; Windows stays up to date to help protect you in an online world; Making sure your apps are good to go; It’s taking a bit longer than expected, but we’ll get there as fast as we can. This loop took 5 minutes to restart, again, and again, and again.
It had been over 12 hours since the process started at this point. As I had to do my day job, I just left it chugging away in the background while I got on with earning an income. Over 5 hours later, it finally came up for air – a desktop, but still not functioning.
Along the way, I saw various errors:
Error 0x80072EE7
The gpsvc service failed the sign-in – access is denied
windows\system32\config\systemprofile\desktop is unavailableTo add to my woes, it wanted to restart itself again, where it re-entered the 5+ hour loop. I still had work to get done, so I just let it be. No stopcodes this time, but still it didn’t work.
I couldn’t access safe mode, even with Recovery Tool USB access. Start Up Repair “couldn’t fix [the] PC”. Using the Recovery Tool, I was able to access the Command Prompt, where SFC /SCANNOW reported “Not enough memory resources are available to process this command” the first time, and then, after it went through 100%, “Windows Resource Protection could not perform the requested operation”. Attempting to use Restore Points was another failure – they were listed, but “unavailable”.
At this time, I decided it was time to try to restore the system image. Again, the gpsvc error. Apparently there had been some issue prior to the update attempt? I had to put it aside for a few days, until I got time to address it properly. By this stage, I was heading for an ISO file on a USB stick. This laptop now needs to be reset from the ground up, going back over all the metered connection, deferred updates, Customer Experience, Start Menu apps settings etc. etc. etc. – and I’m sure there’ll be something important I forget!
Having got the ISO installed, I was able to run SFC / SCANNOW and DISM /Online /Cleanup-Image /RestoreHealth. All 100% clear, thank goodness.
There are only 5-6 programs to reinstall. If this had been a production machine, I’d have dozens of programs to have to reinstall. It’s still going to take another day or two until I get it back to normal, as I have other things I need to prioritize. If I’m a bit cranky this weekend, you now know why!
I’m really lucky I have a wealth of knowledge, support and expertise here at my disposal. A normal home user would have ended up paying for professional technical support, and if it had been my production machine, would have resulted in a loss of chargeable hours. I’m counting my blessings!
-
What we know about the Win10 version 1909 upgrade: Easily managed by most; tricky for some
Posted on November 15th, 2019 at 14:07 Comment on the AskWoody LoungeThe details are hairy, but the bottom line is pretty simple.
If you start from Win10 1903, you have complete control over when you’re upgraded to Win10 1909. Remarkably, that’s true for both Home and Pro (and Enterprise and Education) versions.
If you start from Win10 1809 Pro, the details are a bit more difficult but in the end you, too, have easy control over the upgrade.
If you start from Win10 1809 Home, life’s considerably trickier. You’re probably better off upgrading to 1903 — and avoid clicking “Check for updates.”
Full details in Computerworld Woody on Windows.
Thx for extensive testing from @abbodi86, @b, @PKCano
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments. Click here for details and to sign up.
Recent Replies
Rick Corbett on virtualize my old XP install
1 hour, 14 minutes agomn-- on When Windows 10 Feature Updates don’t go smoothly
1 hour, 23 minutes agoAJNorth on Please say goodbye to my Sainted Aunt Martha
3 hours, 11 minutes agorc primak on Warren: Google’s experimental change to Chrome crashed the browser
3 hours, 17 minutes ago- 3 hours, 21 minutes ago
- 3 hours, 24 minutes ago
- 3 hours, 33 minutes ago
- 3 hours, 33 minutes ago
Paul T on virtualize my old XP install
3 hours, 40 minutes ago- 3 hours, 46 minutes ago
OscarCP on Working outside an admin account: Safe but annoying
3 hours, 48 minutes ago- 3 hours, 54 minutes ago
- 3 hours, 54 minutes ago
- 3 hours, 56 minutes ago
- 4 hours, 9 minutes ago
- 4 hours, 14 minutes ago
- 4 hours, 16 minutes ago
- 4 hours, 19 minutes ago
- 4 hours, 20 minutes ago
- 4 hours, 24 minutes ago