Closing the year on patching

Topic

New Reply

PATCH WATCH By Susan Bradley We need a little Copilot, now. I have a favorite Christmas song called “We Need a Little Christmas” (now). That comes to
[See the full post at: Closing the year on patching]

Susan Bradley Patch Lady/Prudent patcher

5 users thanked author for this post.

deuce120, lmacri, DLivesInTexas, fisher75, abbodi86

Reply | Quote

Replies

You’re no doubt familiar with the little blank space at the end of the Windows 10/11 taskbar, which is actually a button to show the desktop. That’s been present by default in Windows 10.

What blank space ?

Apple has been the hardware Grinch, providing very short support windows for many of their products.

You regard support for 7 years and more as ‘short support’ ?
https://support.apple.com/en-us/HT201624

Reply | Quote

I didn’t know that there was a show desktop button in all my time using Widows 10 Home Edition. Where is it and what settings need to be changed to get it back?

Reply | Quote

Bottom right corner:

How to find, use, and modify the Windows 10 Show Desktop button

It only does exactly the same as WIN + D by default.

Nothing needs to be changed back YET, as it’s only a Microsoft whim in a Developer Preview for Windows 11 so far. If it ever gets eliminated in general release versions that could be reversed in Taskbar Settings with a “Select the far corner of the taskbar to show the desktop” option:

Microsoft wants to replace the “Show desktop” button with Copilot in Windows 11

5 users thanked author for this post.

Chris B, Geo, 280park, satrow, Rush2112

Reply | Quote

Thanks! I never knew it had existed before and yes mine does work. I had noticed the line before, but didn’t know what it was. Or until now at least.

1 user thanked author for this post.

b

Reply | Quote

Given that we’re used to a 10 year (and more with ESU) in Windows land, yes, I consider 7 years short.

Susan Bradley Patch Lady/Prudent patcher

2 users thanked author for this post.

Ascaris, Alex5723

Reply | Quote

I have a fraught relationship with Microsoft accounts ever since I made the foolish decision to use one microsoft ID for business and one for personal when I was dual booting a single laptop.

So when you mentioned possible issues with Bitlocker if you can’t access your microsoft account I followed your directions and arrived at Control Panel > System and Security > Bitlocker Drive Encryption.
This screen tells me not that Bitlocker is on or off, but that the C drive is in a state described as “Bitlocker waiting for activation”. There’s a link to turn it on, but I can’t see any way to say “no thanks”. I’m not clicking on anything in this screen until I know what it will do!

I presume I’m safe but I’d like to be sure.

The machine is a Dell XPS15/7590 running Windows 11 Pro 22H2 (22621.2861).

cheers
T

Reply | Quote

If you go to Settings, Privacy and security, Device Encryption you should find options to Turn off OR use a Microsoft Account to activate:

You should select one of those two options.

(I believe that if you really wanted Device encryption without the safety of the key being saved to a Microsoft account, clicking Turn on BitLocker where you saw it in Control Panel would give you the opportunity to save the key locally to a file (not on C:) or to print it instead.)

Reply | Quote

Hmm.

I’ve had this laptop for at least a couple of years now, and I’ve never viewed the encryption options before. But I don’t see your options, this is what I see instead:

If I click on the device encryption toggle I get presented with this:

which implies that the disk is encrypted already??

This is hardly clear. The “sign in” line implies the device hasn’t been encrypted yet, the blue warning implies that it has.

Apologies to Susan, her attempt to head off anxiety has – in my case – served to create it.

cheers
T

Reply | Quote

aquatarkus wrote:

But I don’t see your options, this is what I see instead:

Sorry, I could only find a Windows 10 screenshot showing how both options appear when device encryption is waiting for activation. But your options are the same even if they look slightly different.

aquatarkus wrote:

If I click on the device encryption toggle I get presented with this:
..
which implies that the disk is encrypted already??

Data is encrypted but not yet requiring a key. Encryption protection is never fully activated until a recovery key has been saved somewhere.

aquatarkus wrote:

This is hardly clear. The “sign in” line implies the device hasn’t been encrypted yet, the blue warning implies that it has.

The “to finish” on the sign in line indicates the need to save a key to enable protection.

You have two (or three) options: Turn it off, use a Microsoft account (or save a key locally by using control panel — and never lose it).

aquatarkus wrote:

I’ve had this laptop for at least a couple of years now, and I’ve never viewed the encryption options before.

It should be significant to some that automatic device encryption never caused you a critical issue in all that time. (“IF, not WHEN!”)

Reply | Quote

b wrote:

It should be significant to some that automatic device encryption never caused you a critical issue in all that time. (“IF, not WHEN!”)

Until it does.

Reply | Quote

PKCano wrote:

Until it does.

Ten years ………. still waiting.

Reply | Quote

PKCano wrote:

Until it does.

b wrote:

Ten years ………. still waiting.

A quick search with your favorite search engine will show that many people are no longer waiting; rather they’re waiting for a solution for their particular problem with Bitlocker.

I don’t want to sign in on my PC’s with a Microsoft account, so there is no Microsoft account on my PC’s.  I have no use for file or device encryption, so I have Bitlocker disabled in Services.

I create enough problems (and also fix them) on my own with my inveterate tinkerin’.  I don’t need any help from Microsoft to create additional problems; that’s the reason I have most of Windows’ “Features” either disabled or uninstalled.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

2 users thanked author for this post.

satrow, PKCano

Reply | Quote

bbearren wrote:

A quick search with your favorite search engine will show that many people are no longer waiting; rather they’re waiting for a solution for their particular problem with Bitlocker.

This discussion is about automatic device encryption.

Reply | Quote

b wrote:

This discussion is about automatic device encryption.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

bbearren wrote:

Not automatic. Where does it take you?

1 user thanked author for this post.

bassmanzam

Reply | Quote

There has been enough anecdotal posts about someone being locked out when they didn’t enable device encryption for me to start not only actively warning about this.  If I keep one person from getting locked out of their data, I will have saved that one person.

Does it happen all of the time?  No it does not.  But my Dad does bitlocker and has had an instance where it asked for the recovery key and I’ve seen enough reports that it clearly hiccups every now and then.

I think we can all agree that while it does not occur ALL of the time, it occurs enough that people who did not enable device encryption, nor intended to enable device encryption needs to be aware and take action to actively disable it.

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

lmacri

Reply | Quote

Susan Bradley wrote:

There has been enough anecdotal posts about someone being locked out when they didn’t enable device encryption for me to start not only actively warning about this. If I keep one person from getting locked out of their data, I will have saved that one person.

How many have you heard of where the only ultimate solution was to reformat?

(When you had to reformat a server, why wasn’t the recovery key stored in AD?)

Susan Bradley wrote:

Does it happen all of the time? No it does not. But my Dad does bitlocker and has had an instance where it asked for the recovery key and I’ve seen enough reports that it clearly hiccups every now and then.

That instance wasn’t automatic or unintended. I agree that Bitlocker recovery key requests are not rare, e.g. triggered by BIOS updates on some brands. But I’m extremely dubious that it ever happens before activation and key saving (somewhere).

Susan Bradley wrote:

I think we can all agree that while it does not occur ALL of the time, it occurs enough that people who did not enable device encryption, nor intended to enable device encryption needs to be aware and take action to actively disable it.

You could warn people not to use a work or school account on a home computer without first checking device encryption status. Or recommend using a Microsoft account at least once:

Susan Bradley wrote:

… the recovery keys – ideally – in a place like a Microsoft account …

Reply | Quote

And my apologies, but you have exactly the sort of situation I want to call attention to.  There is a rare chance that at some point in time after a patching it may ask for a recovery key that you don’t have.  It’s supposed to not ask for one, it should allow you to reboot several times and get it’s functionality back, but since you don’t want device encryption my recommendation is to turn it off.

Encryption is great, until it’s not and you are faced with it asking for a recovery key you have no idea what that is.

Susan Bradley Patch Lady/Prudent patcher

1 user thanked author for this post.

aquatarkus

Reply | Quote

b wrote:

If you go to Settings, Privacy and security, Device Encryption

Windows 10 Pro 22H2. I have no Settings, Privacy & security, Device Encryption.

Reply | Quote

Alex5723 wrote:

b wrote:

If you go to Settings, Privacy and security, Device Encryption

Windows 10 Pro 22H2. I have no Settings, Privacy & security, Device Encryption.

I was answering a Windows 11 question. Yours is at Update & Security.

Reply | Quote

Alex5723 wrote:

Windows 10 Pro 22H2. I have no Settings, Privacy & security, Device Encryption.

Hi Alex5723:

I can turn BitLocker On/Off on my Win 10 Pro v22H2 machine at Control Panel | System and Security | BitLocker Drive Encryption (mine is currently OFF).  However, if I launch System Information with elevated Administrator rights (search for System Information, right-click and choose “Run as Administrator” ***) I see this for Device Encryption Support:

According to the Microsoft support article Device Encryption in Windows you will not see a settings at Settings | Update & Security | Device Encryption (FYI – I don’t) unless System Information shows that Device Encryption Support has a value of “Meets prerequisites” and Device Encryption is available on your system.

*** NOTE: If I do not select “Run as Administrator” when I launch System Information the value for Device Encryption Support is “Elevation Required to View”.
————
Dell Inspiron 5584 * 64-bit Win 10 Pro v22H2 build 19045.3803 * Firefox v121.0.0 * Microsoft Defender v4.18.23110.3-1.1.23110.2 * Malwarebytes Premium v4.6.6.294-1.0.2201 * Macrium Reflect Free v8.0.7783

Reply | Quote

Alex5723 wrote:

b wrote:

If you go to Settings, Privacy and security, Device Encryption

Windows 10 Pro 22H2. I have no Settings, Privacy & security, Device Encryption.

maybe your device does not support device encryption, Alex5723

Reply | Quote

Or maybe, like me, he set NtfsDisableEncryption=dword:00000001 in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem which “disables” drive encryption for all drives and “hides” that option.

Reply | Quote

EP wrote:

maybe your device does not support device encryption, Alex5723

Yes, it does.

I don’t have Settings – Privacy and security..

Reply | Quote

You only get Privacy & Security with Windows 11. 😁

1 user thanked author for this post.

Alex5723

Reply | Quote

Susan Bradley wrote:

yes, I consider 7 years short.

Given that we used to 1-3 years of PC hardware, Firmware, drivers.. support, I consider 7 years of hardware and software support to be long.

Reply | Quote

1-3 years support must have been in a business or corporate setting. I’ve got 2 laptops that were new in 2015 and run Win 10 very well and will continue to do so right up to Win 10 EOL, giving me 10 years of support and perhaps more if the extended support comes to fruition. These are perfectly good laptop computers, so yes, I too think that 7 years is short.

Reply | Quote

Have you looked around the forums and how long some of our members have computers running?

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

Alex5723 wrote:

Given that we used to 1-3 years of PC hardware, Firmware, drivers.. support, I consider 7 years of hardware and software support to be long.

I am not exactly sure what you mean by saying we used to 1-3 years (I suspect a word or two may have been deleted during editing– I do that kind of stuff all the time), but if you mean we are used to 1-3 years with PC hardware, I would strongly disagree that this is something I have ever considered normal or acceptable. I have read that many people think that is fine with phones, but we have much higher standards in the realm of PCs.

I’ve never sourced drivers from the manufacturer of my machine even back in my Windows days, so I don’t find that to be important. Most PCs are made completely of commodity hardware, so one is not usually dependent on the PC manufacturer for any drivers. The bit about it maybe being modified by the PC manufacturer (so be sure to only get them from your OEM!) is very seldom true, and most drivers offered by the PC are the exact drivers released by the component maker, with the PC manufacturer branding added.

Windows, of course, is not a product of the PC manufacturer either, so there is no route for a PC manufacturer to stick a time bomb in there and arbitrarily state that it will not update beyond a given date or a given version of Windows.

This is why I had no difficulty getting my Asus F8Sn laptop, which originally came with 32-bit Vista, running with Windows 7 x64 and 8.1 x64. Everything worked, including the fingerprint reader and the software required to make it work. The F8 was (and is, though it is not in use anymore) flawless with those later versions of Windows, and was no slower or less responsive than it was with the OS with which it came.

That unit was also able to run Windows 10… I tried it on there to see if it would work, and it did. No ! symbols in the Device Manager, everything working as expected.

The point of all of that is that Asus dropping their support for the F8  in terms of drivers (they never offered any drivers except those for Vista 32-bit and XP 32-bit anyway) didn’t matter at all in terms of being able to get it working perfectly well with later OSes. Asus, the manufacturer of the PC, the manufacturers of the various bits within the PC (who generally also write the drivers), and the maker of the OS are three completely distinct entities that are not all working according to one marketing plan.

Even if Asus would have liked my F8 to become obsolete by a certain point, they couldn’t force the issue. They could not have issued an edict that the F8 will never receive a 64-bit OS or that (for example) Vista SP3 will be the last Windows version that will run on it. If Microsoft decides that the most recent Windows will run on my hardware, the OEM can’t stop me from upgrading, and as the seller of an OS that is also sold as a retail boxed edition that it wants to be usable with as many PCs as possible, MS has until very recently had each new Windows version support nearly all of the hardware that is still out there in non-trivial numbers, even if it is quite old.

The only thing that would limit me then would be driver support for the components within the PC, but since these companies who make those parts are also not concerned about Asus’ hypothetical desire for my F8 to be obsolete, they keep issuing updated drivers for those bits for at least as long as any of the PC makers who also used that part want them to, and if they are available for that one OEM, they are available to everyone.

It’s not like that with Apple, which controls the hardware, the drivers for the various components within the thing, and the OS. The user is much more dependent on the whims of Apple when it comes to being able to use that hardware with the OS with which it came. That is a level of control that only comes from one company supplying the computer itself, the drivers, and the OS.

 

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

Reply | Quote

https://status.it.ubc.ca/incidents/jbgq7qslbj21?u=x8npr4065fw4

Note that it indicates that they are not seeing this in home settings.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

DrBonzo wrote:

I’ve got 2 laptops that were new in 2015 and run Win 10 very well and will continue to do so right up to Win 10 EOL, giving me 10 years of support

My brother’s PC is 11 years old using Intel 3xxx and running Windows 10.

I am talking about all OEMs drooping hardware, Firmware/BIOS, drivers..support after a year or 3 years (paid extended support).

* My brother can “pride” himself of running Windows 10 but monthly updates take 2 hours + to finish, boot takes ~10 minutes with the only software installed of VLC, Canon Printer software and Chrome browser.

Reply | Quote

Alex5723 wrote:

My brother can “pride” himself of running Windows 10 but monthly updates take 2 hours + to finish, boot takes ~10 minutes with the only software installed of VLC, Canon Printer software and Chrome browser.

That’s nothing to be proud of, IMO. When I was using my Asus F8Sn (mfg. c. 2007) with Windows 8.1 in 2015, it booted faster than it had with Vista, even before I swapped in an SSD (which made it much faster still). I don’t have any numbers, but it was way less than one minute with the HDD. It was about the same with Windows 10 when I tried it.

FWIW, my Dell G3 3579 “budget” gaming laptop still gets firmware updates despite being about 5 years old. My newer Xenia 15 gaming laptop, which is an Intel white box design rebadged (they are sold by at least ten different “manufacturers”), stopped about a year ago. Nice hardware, but if Intel had not already said they were exiting the NUC market (this unit is sold as a NUC even though it is a pretty standard laptop), it would definitely be a point against them when it comes to my next purchase (which I am thinking really should be an AMD-based unit). Not all PC makers are the same, and fortunately, I have a lot of choices.

 

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon 6.2
XPG Xenia 15, i7-9750H/32GB & GTX1660ti, Kubuntu 24.04
Acer Swift Go 14, i5-1335U/16GB, Kubuntu 24.04 (and Win 11)

Reply | Quote

Ascaris wrote:

FWIW, my Dell G3 3579 “budget” gaming laptop still gets firmware updates despite being about 5 years old.

My 5 years old gaming Lenovo Y530 laptop stopped getting firmware, drivers….2 years ago (I did pay for 3 years extended support).

Reply | Quote

Microsoft received reports about issues connecting to Wi-Fi networks

Status Resolved

Affected platforms Client Versions Message ID Originating KB Resolved KB Windows 11, version 23H2 WI699858 KB5032288 – Windows 11, version 22H2 WI699859 KB5032288 –

Microsoft has received reports of an issue in which some Wi-Fi adapters might not connect to some networks after installing the Originating KBs listed above. We have confirmed this issue was caused by the Originating KBs listed above and KB5033375. As reported, you are more likely to be affected by this issue if you are attempting to connect to an enterprise, education, or public Wi-Fi network using 802.1x authentication. This issue is not likely to occur on home networks. Resolution: This issue is resolved using Known Issue Rollback (KIR). Please note that it might take up to 24 hours for the resolution to propagate automatically to consumer devices and non-managed business devices. Restarting your Windows device might help the resolution apply to your device faster. For enterprise-managed devices that have installed an affected update and encountered this issue, it can be resolved by installing and configuring a special Group Policy. The special Group Policy can be found in Computer Configuration -> Administrative Templates -> <Group Policy name listed below> For information on deploying and configuring these special Group Policy, please see How to use Group Policy to deploy a Known Issue Rollback. Group Policy downloads with Group Policy name: Download for Windows 11, versions 23H2 and 22H2 – Windows 11 22H2 KB5032288 231029_032011 Known Issue Rollback Important: You will need to install and configure the Group Policy for your version of Windows to resolve this issue. You will also need to restart your device(s) to apply the group policy setting.

Susan Bradley Patch Lady/Prudent patcher

2 users thanked author for this post.

windbg, fernlady

Reply | Quote

Wonderful news! We just switched from Ethernet to WiFi.

 

Windows 11 Pro
Version 23H2
OS build 22631.5189

Reply | Quote

Susan

Your latest post may have saved me a great deal of trouble.  I have two PCs running Windows 11 Home. (When one PC has problems, the other helps me solve them!)  Both had Bitlocker encryption enabled although I had never set it up.

One came with Win 10 and free upgrade to Win11; the other was bought two months ago with Win 11.    I normally use a local account but have had to create Microsoft accounts to use Word and Excel.  There were no Bitlocker recovery codes in those Microsoft accounts.  I make backups but it is still a lot of work to recover from resetting Windows.

Merry Christmas to everyone

Reply | Quote

Have either been used to sign in to work or school?

Did you decide to turn it off or save recovery keys?

Reply | Quote