• Breaking news: Windows 10 patching improves

    ISSUE 16.3.0 • 2019-01-28
    The weekly AskWoody Plus Newsletter

    In this issue


    Breaking news: Windows 10 patching improves

    Woody Leonhard

    By Woody Leonhard

    Windows 10 updates and patches have given the OS a string of body blows over the past three and a half years, contributing to Win10’s richly deserved bad name.

    Lately, though, there’s reason to hope that Microsoft might be getting its updating act together. And it’s all because of an ancient concept that seemed to have fallen out of favor — testing.

    The recent history of Windows patching has been so bad, it’s turned into a meme. Microsoft transformed a product that we all know and at least tolerate into an object of derision on TV shows, in cartoons, at parties — and even at the dinner table.

    Many people blame the big QA-engineer layoff of November 2014 (Computer World article). No doubt, Microsoft lost many talented testers at the time. And the decision to integrate QA functions into the mainstream development groups might have been an improvement — or not; it’s open to debate.

    Some people blame the possibly well-intentioned — and demonstrably ineffective — Windows Insider Program for putting a public fig leaf on an exceptionally tough technical goal. The value of having 7 (10? 15?) million people testing a beta product seemed dubious from the start. (For decades, many Windows users have felt as if they were Microsoft’s beta testers — after the final code was released.)

    I won’t regale you with endless patching stories of wiped-out data, utterly bricked machines, and unending blue screens of death. Nor do I have to mention the many hours of lost work as Win10 machines suddenly rebooted at the worst possible time. You’ve seen plenty of examples, I’m sure. In fact, if it hasn’t happened to you, count yourself lucky; and I’ll betchya dollars to doughnuts that you know somebody who’s run afoul of Windows patches.

    Microsoft’s Rubicon: Win10 Version 1809

    I’ve been bellyaching about bad patches for years — decades, actually. All to no avail. But it appears somebody in a very high place took notice when Microsoft dropped a buggy October 2018 Update, version 1809, and users had data on their hard drives wiped out. Irrevocably, in some cases.

    But to the surprise of many Windows watchers, there’s been a series of important improvements following the September-October-November-December debacles of Version 1809. As you might recall, the “final” bits of Win10 1809 appeared in September — mostly on testers’ machines, where it was then pushed and yanked and stretched and squeezed — and found wanting. It finally got the sorta-green light in December but was still not widely distributed.

    At some point during that time, Microsoft put a new emphasis on more-thorough patch testing. Both the “feature” updates (in Microsoft-speak) and the bug/security fixes — “quality” updates — were far more rigorous when tested by a small group of people outside the company.

    That’s not an entirely new technique. You might not know it (and Microsoft doesn’t advertise the fact), but several of Microsoft’s largest customers have been getting pre-release versions of patches. But their in-house QA groups are typically under nondisclosure agreements, so they can’t talk about what they find. That doesn’t help the rest of us.

    Returning to the Insider Preview Ring

    Microsoft’s new emphasis on testing employs an old concept called the “Windows Insider Preview Ring.” But that label is somewhat confusing. The similarly named Windows Insider Program you’re probably familiar with focuses on beta-testing new versions of Windows. However, the Preview Ring, as originally formulated, is focused on testing updates to the latest current version of Windows. (The Release Preview Ring was introduced in February 2016 as part of Build 10586.)

    According to the official Insider Program overview documentation:

    “If you want to be on the current public release of Windows 10 but still get early access to updates, applications, and drivers, without taking the risk of moving to the Development Branch, the Release Preview Ring is your best option. The Release Preview Ring is visible only when your Windows build version is the same as the current Production Branch.”

    Microsoft’s terminology has swirled all over the place for years. To translate the above into the currently fashionable buzzwords, that means:

    The Release Preview Ring is what you want if you wish to stay on the latest released version of Windows and get early access to updates, applications, and drivers — and take the risk of moving to the Insider Program’s “fast” or “slow” rings. Note that the Release Preview Ring is visible only when you’re running the latest released version of Windows.

    That’s precisely what Windows professionals do need — a way to test Cumulative Updates to the current version of Windows before they get released.

    During one of Win10 1809’s trips to the toolshed, Microsoft yanked the Win10 October 2018 Update in mid-November (yet again) and started working on a fix that included help from people in the Insider Preview Ring (more info).

    That fix resulted in the re-re-release of Win10 Version 1809 on December 5. It wasn’t perfect, but it was one whole heckuvalot more stable than any previous release of Win10 Version 1809. It took Microsoft two months to get it right — two months after Version 1809 was originally pushed on unsuspecting customers.

    To be sure, the Insider Preview Ring has been used before (here’s a list of releases), but it’s very unusual — and very gratifying! — to see a Cumulative Update go through weeks of rigorous testing outside of Microsoft.

    The PR on QA

    Along with better Win10 testing, there’s been a parallel increase in useful documentation from Microsoft. For the first time, we saw real and reliable lists of rollout problems at the bottom of the main Windows 10 update history page.

    Not long ago, we saw very few formal acknowledgments of bugs in patches — we had to go rummaging through acres of forum posts in many different locations, and decide whether the posters knew whereof they spoke. Now we’re starting to see more bugs acknowledged, and more workarounds receiving official endorsement.

    Again: It ain’t perfect, but it’s definitely a step in the right direction.

    Last week, the Windows Update team posted a YouTube video that’s worth watching:

    If you’ve been following these changes, the video doesn’t contain anything new. Yes, it’s a blatant public relations move for the Windows Update team. But that’s beside the point. The video shows that somebody on the team thinks enough of Windows users to openly discuss improvements in the patching process.

    I don’t think we’ve seen anything like that before — at least not during the Sinofsky and Myerson eras.

    It’s easy to poke holes in specific PR-laden assertions. (Susan Bradley’s “Bring it on” comment is fully apropos.) We have, after all, been fighting these battles for many years. But this time there’s some substance to the marketing pabulum. It remains to be seen how much.

    What we should expect in the future

    Here’s the fundamental problem: Testing cumulative updates is inherently different from testing new versions of Windows 10. The beta testing process for new versions of Windows gave rise to the Windows Insider Program. Fair enough. But the beta testing process for Cumulative Updates to the current version of Windows is a different kettle of fish. “Insider Preview Slow Ring” and “Insider Release Preview Ring” are as different as testing a new Tesla versus adjusting the seat belts.

    Those who want to test Cumulative Updates should be able to take a crack at all versions of Windows 10. Right now, Cumulative Update testers can only take on patches to Win10 Version 1809. If you (or your company, or your hardware provider) want to test Cumulative Updates for Win10 Version 1803 — currently the most-used version of Win10 — you’re out of luck.

    Putting aside other obvious problems (say, the insane process of shipping new versions of Win10 twice a year, or pushing the kitchen sink on folks who click “Check for updates”), Microsoft really should have a way for the intrepid to test the next cumulative update to every active Win10 version.

    Maybe that way they’ll cut back on the number of Win10 versions!

    Questions? Comments? Thinly veiled prognostications of impending doom? Join us on the AskWoody Lounge. Bring your sense of humor.

    Eponymous factotum Woody Leonhard writes lots of books about Windows and Office, creates the Woody on Windows columns for Computerworld, and raises copious red flags in sporadic AskWoody Plus Alerts.

    Green light for patches; yellow for Win10 1809

    Susan BradleyBy Susan Bradley

    After a major misstep, Microsoft is taking another shot and rolling out Version 1809, the 2018 Fall Update.

    January’s batch of updates wasn’t problem-free, either, but they still pass muster.

    Win10 1809

    Microsoft finally starts a broad rollout of Version 1809

    As Woody Leonhard reported in a recent AskWoody post, Microsoft announced it will push out its Fall Update to machines not set for deferred patching. More specifically, the company will target systems deemed to have the best update experience based on “our next-generation learning model.”

    The first evidence of that policy is KB 4023057, an update that showed up on my stand-alone, updates-not-deferred, guinea-pig laptop — a Lenovo X1 Carbon. The patch is reportedly designed to improve the updating-to-1809 process.

    I have yet to see Version 1809 be offered to this system. Take note, however: If you manually check for updates in Win10 settings, Microsoft will flag you as a seeker, and that, in turn, could trigger the installation of Version 1809. So don’t do that!

    I’ve said it before, but it bears repeating: If you have the Home version of Windows 10, you should upgrade to Win10 Pro. You’ll then have the ability to defer updates until they’ve been vetted by security experts and IT professionals. Upgrade now, and you’ll still have a good chance of pushing off this latest release of Version 1809.

    I’m deferring this new release of Version 1809 on all my office computers. Fall Update hasn’t been declared ready for business — and I don’t think it should be immediately installed on home systems, either.


    What to do: Ensure that you have control over when your Win10 system is upgraded. Check that you’re running Win10 Pro.

    Not all Win10 bugs are created equal

    As Woody posted earlier this month, all of January’s Windows 10 updates come with a specific side effect. The problem is tied to the Edge browser and how it interacts with local IP addresses (e.g., router sign-in pages). I assume many AskWoody readers use other browsers; if that’s the case, you’re unlikely to run across the flaw.

    I haven’t been affected by the bug, and because there are many other browser options, I rate this problem as minor.


    What to do: January’s Windows 10 patches appear to be free of any major issues. Install them when you’re ready.

    Updates don’t play well with Access 97

    Another flaw common to all versions of Windows (Win10, Win8.1, and Win7) is significant only if you’re still running Access 97, as I recently posted on AskWoody.com. Installing the updates can cause problems with long file names in Access 97 databases. Again, most of us will never see this issue; we’ve upgraded to newer versions of Access long ago or migrated to SQL Server databases.


    What to do: Uninstall January updates if you’ve been impacted by this Access 97 file bug.


    Windows 7 NTLM bug still not squashed

    On some Win7 systems, installing the January update introduced a bug in NT LAN Manager, an old authentication protocol. Users reported problems accessing file-share locations, and Microsoft subsequently released a hotfix — KB 4487345. However, unfortunately for some, the patch isn’t the cure-all.

    If you’re attached to a domain, you probably won’t see the issue; it shows up mostly on a peer-to-peer network when you’re running with local administrator rights.

    If you installed KB 4487345 and it didn’t fix the issue, add the following Registry key:

    • Launch regedit, click Edit/New/Key, and enter:
    • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies
      \system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
    • Reboot the PC.


    What to do: After installing January updates on non–domain attached Win7 systems, check that you can still access file-shares. If you can’t, install hotfix KB 4487345. And if you still can’t connect, add the aforementioned Registry key.


    Office update needs and update

    Released January 8, KB 4461614 is an Office 2010 security update designed to block a remote code-execution vulnerability. (The fix does not apply to Office 2010 Click-to-Run editions.)

    Unfortunately, Excel 2010 and Access 2010 might stop working after you install the update.

    What to do: If Excel or Access fail after installing KB 4461614, install KB 4462157

    January updating summary

    I’ve installed all January updates on my home and office computers, and I’ve not run into any significant side effects. Although Woody has not given the all-clear for business systems, the lingering issues are not sufficient for me to defer this latest batch of fixes.

    Here’s the quick-list of January patches

    Patch Released Description Status
    KB 4480970 1-08 Windows 7 rollup Install
    KB 4480963 1-08 Windows 8 Install
    KB 4480966 1-08 Windows 10 1809 Install
    KB 4480966 1-08 Windows 10 1803 Install
    KB 4480978 1-08 Windows 10 1709 Install
    Questions or comments? Feedback is also always welcome in the AskWoody Lounge!

    Susan Bradley was for many years the Windows Secrets Patch Watch diva. She’s happy to be back writing in detail about patching and security for the new AskWoody Plus newsletter. In real life she’s a Microsoft Security MVP and IT wrangler at a California accounting firm, where she manages a fleet of servers, virtual machines, workstations, iPhones, and other digital devices. She also does forensic investigations of computer systems for the firm.

    Tech Tip

    Networking: Power over Ethernet

    Tracey CapenBy Tracey Capen

    Wireless networking is ubiquitous in homes and small businesses, but Ethernet remains faster and more secure.

    Used primarily in commercial settings, power-over-Ethernet (PoE, Wikipedia) gear can make it easier to extend wireless networking throughout a home or office.

    Options for extending Ethernet

    Recently, I was about two-thirds of the way through the stressful process of building a new home. The house was closed in with walls, doors, and windows. With the framing still open inside, it was now time for roughing in power and plumbing. It was also time to think about networking and coax cabling throughout the house.

    In simple home setups, broadband comes from a power pole, passes through a wall, and attaches to a modem/cable/Wi-Fi box in one of the rooms. Hopefully, the box can be placed where the local wireless signal will cover the entire house. And if you’re really lucky, that’s all you’ll ever need.

    Unfortunately, it rarely works that way. In addition to Wi-Fi holes, you might have a network printer that doesn’t support wireless, or you might have Ethernet-based, network-attached hard drives for backing up your systems. In short, you need to have Ethernet accessible well away from the modem/Wi-Fi box.

    One solution we’ve discussed in previous articles is using powerline Ethernet adapters. You plug a small box into an AC outlet near your modem, and a companion box in another room where you need Ethernet. Standard Ethernet cables attach the two (or more) adapters to the modem and Ethernet device.

    This setup is simple to install and mostly plug-and-play. But there are drawbacks: appliances such as microwaves can cause interference, and the adapters might take up limited AC-outlet space. When I used the adapters in a home-office setting, I had to reset the boxes about once or twice a month — which meant crawling under two desks to unplug and re-plug the boxes from AC.

    Wireless extenders are another relatively easy option for fixing Wi-Fi holes, but they, too, need a convenient outlet.

    Simplifying installation with PoE

    In the case of my new home, it was easy to run Ethernet and coax cable to various bedrooms, offices, and the living room before insulation and sheet rock went up. All that cabling had to go to a central location, however, and the basement was the logical place — especially so, because my DSL broadband line comes into the house through the basement.

    Terminating all networking and cable-wiring in the basement meant that an Ethernet switch and the DSL box would have to live there, too. But that was obviously a problem for Wi-Fi throughout the house. The solution: Install an Ethernet-connected access point upstairs — and the ideal location was in the ceiling.

    But an access point needs power, and installing an AC outlet in the ceiling was simply not practical. The answer for that problem is to use an access point that supports power-over-Ethernet. I have Cat5 cabling running from the basement to the highest ceiling in the house. When I’m ready to set up the network (when house construction is essentially done), I’ll install an access point onto a low-voltage box already placed in the ceiling and connect the Ethernet cable to it.

    I’ll probably use Ubiquiti’s Unifi Ap-AC Wireless Access Point. Priced under U.S. $100 (Amazon), it gets good reviews and looks like a simple, ceiling-mounted smoke alarm.

    At the other end, I can use an Ethernet switch that supports PoE. But because I already have a good switch, I’ll set up an inexpensive power-injector box next to the switch. The injector is really simple: it has a wall wart for power and an Ethernet plug for connecting to the switch. It has a second Ethernet plug that transmits data on two pairs of wires, and power over one or two pairs. (The PoE access point will separate the data from the needed power.)

    The many uses of PoE

    Again, PoE has been used mostly for commercial applications. It can drive security cameras, digital phones, and even displays. But it’s also applicable in the home, where running an Ethernet cable through walls or ceilings is easier than running both Ethernet and AC. But not all PoE is the same. Depending on the devices you use, there are limitations on how much power you can drive through Cat5. A simple injector can deliver up to about 20 watts. More expensive devices and configurations can go up to about 100 watts.

    Bottom line: In any PoE setup, be sure to match the output of the injector with the power needs of the attached device. (Tech note: Your Ethernet runs are limited to about 300 feet (100 meters). That’s not a limitation of PoE; it’s part of the Ethernet standard.)

    Questions or comments? Feedback is also always welcome in the AskWoody Lounge!

    Tracey Capen is editor in chief of the AskWoody Plus Newsletter.

    Best Utilities

    Freeware Spotlight — Account Profile Fixer

    By Deanna McElveen

    In our January 21 column, we discussed using the free User Profile Wizard utility to move Windows user accounts to a new user or to another domain. But what if you have a corrupted user account that needs repair?

    This task can be quite time-consuming — especially if, for example, Brad in accounting saves all his reef-diving videos to his work computer or Janet in HR has never deleted an email since the dawn of time.

    Windows user accounts can become corrupted in numerous ways: Windows Store apps break, Edge stops working, Start Menu gets wiped out, or Windows creates a temporary profile because the standard profile appears to be broken.

    You can attempt to repair a profile the long and complicated Microsoft way, as described in an MS Support page. And a Windows Secrets article describes how to clone a user profile — a technique that can, among other things, create a clean profile. But both processes might require a special technique for enabling Windows’ Copy profile button.

    Fortunately, there’s a much easier method: using Carifred’s free (donationware) utility, Account Profile Fixer (currently on version Carifred is a French company that offers a variety of PC-repair tools for advanced and professional users/managers.

    Note: This class of utilities often works deep within the Windows system. Be sure you’ve fully backed up your machine before using these tools.

    Account Profile Fixer (APF) supports Windows versions XP through Win10. It’s a portable app and automates the entire task of repairing accounts. It starts by creating a temporary user and then creates a working copy of the damaged account, with all permissions kept intact. Once it’s done creating the new — copied — account, the tool deletes the old, damaged account.

    For safety, APF is careful to leave in place any system folders that might break the new account if moved. When the process does a final system reboot, you have a working profile that looks and acts just like the original.

    APF’s interface is extremely simple, leaving little room for mistakes. With the app up and running, the first screen simply has you pick the profile to be repaired (see Figure 1).

    AFP Screen 1

    Figure 1. APF’s simple interface starts
    with account selection (in this example, a test account called “temp user.” (Source: Carifred)

    After you’ve selected the faulty account, the next screen (Figure 2) displays a couple of choices. You can choose whether to keep Windows Store apps data (it’s unchecked by default). Keeping the data is fine, as long as the problem isn’t related to the Store app. If it is, you could be recreating the same problem in the new account.

    APF data-save options

    Figure 2. Before APF fixes a user profile, it gives you two options. (Source: Carifred)

    We typically check the box for keeping the Store app data. If the problem persists, we can always run APF again with the box unchecked.

    The other choice is whether to save Windows system Appdata (settings related to user, more info). As with the Store app data, we set the system Appdata box to checked (data saved).

    The final screen (see Figure 3) shows the status of the repair process. APF creates a temporary admin account and then reboots the computer. Once the app is signed in as an admin, it can clone and fix the damaged account. As a final step, APF removes both the damaged account and the temporary admin account. After a reboot, you’ll have a working account with the same name and credentials.

    Repair-progress screen

    Figure 3. A third screen shows the status of the repair process. (Source: Carifred)

    When you first sign in to the repaired account, APF shows a simple log of what it accomplished, as shown in Figure 4. If the repair has failed, the log will display more details for troubleshooting.

    Account repair log

    Figure 4. A short log file confirms a successful repair. (Source: Carifred)

    Important note: If you’re repairing a Microsoft account, the new profile will be a local account. To convert it back to a Microsoft account, go to Settings/Accounts and choose the option “Sign in with a Microsoft account instead.”

    Our OlderGeeks.com site is dedicated to ad-free utility downloads. Click this download link for a free copy of Account Profile Fixer.

    Questions or comments? Feedback is also always welcome in the AskWoody Lounge!

    Deanna and Randy McElveen are celebrating 20 years in the computer business, seven years running OlderGeeks.com and 26 years of putting up with each other. Their computer store is in a small town in the Missouri Ozarks. Believing that happy customers are always the best advertisement, they hope to do it for another 20 years.

    AskWoody sponsorships: Meet Rimi

    By Fred Langa

    Longtime Windows Secrets readers will remember a time when we sponsored needy children around the world.

    Each month, a small part of the contributions Windows Secrets received from paid subscribers funded a new, year-long sponsorship.

    AskWoody also made contributions to groups such as the Tibetan Children’s Fund, Tsunami Relief funds, and other worthy causes.

    Now, with the combination of AskWoody and Windows Secrets, we’re resuming that tradition of helping children, and our first sponsorship goes to a young Bangladeshi girl — Rimi. With your assistance (and at no additional cost to your AskWoody subscription), we hope, over time, to help many other children. Simply put, the more AskWoody Plus members, the more kids we can support!

    About Rimi


    Graham Greene once said, “There is always a moment in childhood when the door opens and lets the future in ….” If you’re already an AskWoody Plus subscriber, thank you! You can feel good about helping to open “a door to the future” for a child in difficult circumstances.

    If you’re not yet an AskWoody Plus subscriber, keep this in mind. Supporting AskWoody will help you make the most of your hardware, software, and time online; and you’ll also help support kids like Rimi to make the most of their young lives.

    Many thanks from the AskWoody staff!

    Publisher: AskWoody LLC (woody@askwoody.com); editor: Tracey Capen (editor@askwoody.com).

    Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody LLC. All other marks are the trademarks or service marks of their respective owners.

    Your email subscription:

    Copyright © 2019 AskWoody LLC, All rights reserved.