News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • MSFT Windows Update

    Home » Forums » Outside the box » MSFT Windows Update

    Author
    Topic
    #2396946

    Catching up tech/security movement today and came across and interesting article over on bleeping computer by Sergiu Gatlan worthy of the 2 min read.

    my take on it:
    Kinda makes sense what MSFT are doing to make WU more efficient and rapid, particularly for those who have slower connection speeds as well as anyone who uses WU period.
    That to me is an overdue step in the right direction from the corporation.
    Although I’d also have asked,

    “if MSFT can reduce patches by 40% for Win11, why can’t/wont they do it for the vast global majority of Win10 users?”  and “could we see this in Win10 21H2?”

    If that were to happen, it would be the best ‘feature update’ so far lol

    So, for the few who can LEGITIMATELY upgrade to Win11, surely it’s more beneficial to backport the Win11 patching process to Win10…even if the quality of cargo still leaves much to be desired across the spectrum of the in-support OSes.

    | Quality over Quantity |
    1 user thanked author for this post.
    Viewing 6 reply threads
    Author
    Replies
    • #2396971

      Windows XP would notoriously slow down to a crawl when scanning for updates due to supercedence issues where it would scan and scan and scan for which update was now valid for the platform.  They’ve been fighting this speed battle for years.

      Susan Bradley Patch Lady

      • #2397025

        As a home user who always kept their system up to date, I personally never experienced this type of behaviour from Windows XP.  The updates were always picked up fast, always downloaded fast and, since they were either in KB’s or MB’s, they literally installed in seconds.

        Compare this to the hundreds of  MB’s or GB’s of a Windows 10 update and the associated and sometimes ridiculous amount of time involved to install them, then it’s certainly a welcome step in a backwards direction, if I may phrase it that way, to make installing Windows 11 updates more efficient.

        1 user thanked author for this post.
    • #2396997

      So, for the few who can LEGITIMATELY upgrade to Win11

      If Microsoft provides the instructions to install, does that make the Windows 11 upgrade legitimate?  They recommend against it, but they’ll tell you how to do it.

      Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
      "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
      "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

    • #2397228

      If Microsoft provides the instructions to install,

      My opinion is that Microsoft’s registry hack meant for Enterprises to test software compatibility on their current not Windows 11 compatible PCs.
      The hack isn’t meant for home users to install Windows 11 and to continue to use it.
      Microsoft will stop updates to incompatible PCs.

      • #2397273

        My opinion is that Microsoft’s registry hack meant for Enterprises to test software compatibility on their current not Windows 11 compatible PCs.  The hack isn’t meant for home users to install Windows 11 and to continue to use it.

        Mine was a rhetorical question.  I did not use Microsoft’s hack, I used my own.

        Microsoft will stop updates to incompatible PCs.

        That remains to be seen.  So far all of your dire predictions about Windows 11 have not exactly played as you have described.  I’m in a position to test Microsoft’s update policies on Windows 11 upgrade on unsupported hardware every Patch Tuesday, and will report back here.

        “It ain’t over till it’s over.”—Yogi Berra

        Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
        "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
        "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

    • #2397299

      That remains to be seen.

      Are you calling Microsoft, liars ? 🙂

      • #2397304

        Microsoft will stop updates to incompatible PCs.

        Microsoft have not said that.

        Only that updates are not guaranteed:

        Devices that do not meet these system requirements will no longer be guaranteed to receive updates, including but not limited to security updates.

        Installing Windows 11 on devices that don’t meet minimum system requirements

        Windows 10 Pro version 21H2 build 19044.1387 + Microsoft 365 (group ASAP)

      • #2397305

        Are you calling Microsoft, liars ?

        Didn’t the free upgrade from Windows 7 have an expiration date?

        And what @b said.

        Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
        "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
        "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

        1 user thanked author for this post.
    • #2397380

      Microsoft need to be able to turn off the TPM check, but not for the reason given.

      To build a software installation for deployment by Microsoft disk imaging (FFU image) it’s a requirement to have secure boot off, and often the simplest way to achieve that is to turn off the TPM and thus secure boot (seems that option is less common- as seems is in the process of becoming the only option?).

      Though you could mount the drive via the recovery console or manage-bde, this doesn’t work for the whole drive in the same way, and policies from the BIOS settings to Windows  (unspecified, probably to guard UEFI security concerns) could also foul the process.

      It’s far quicker for OEMs to have the single source machine in said condition, generate and capture the installation in the complete absence of bitlocker, and deploy the software to the target hardware such that the policies (including the application of Bitlocker to the drive content at the end of the out of box experience) apply to each instance of the installation (which is why they all have individual Bitlocker recovery keys the OEM can not provide to you) so the customer gets a secure installation and the OEM can install economically as they don’t have to work through encryption on every system.

      This also means if you wish to subvert the Microsoft checks on software entitlement, you’re going to have to tinker at a UEFI level to get the policies in place, as I don’t know what happens below the user interface there but you suddenly find you either get “access denied” (as local administator, real one) or what’s happens to the actual bitlocker state doesn’t match the settings if you try to alter the bitlocker settings back to unencrypted from that position.

      Played that game, admittedly only with Windows 10.

      ——— sound of hats being rearranged —————-

      If you really want to go conspiracy theory on it…

      Microsoft also provide facility to control what WILL boot on a device by virtue of their software’s control over BIOS settings – so in a few years they could revoke the UEFI boot signature for Windows 10 (by adding it to the revoked signature database) to stop you going back to a Windows 10 backup you took before you upgraded to Windows 11 when they decide Windows 12 is out and that needs something you don’t have.. and Windows 11 is doing something by default you don’t like so you maybe decide to give the PC to the kids to play some old school non Internet games on and replace it. Probably irks them a fair few Windows 7 machines that failed to get 10 are still rumbling along doing that.

      The UEFI tech is discussed here (as using it is more suited to IOT .. rather than any technical reason it shouldn’t apply to desktops I’d assume)

      https://docs.microsoft.com/en-us/windows/iot-core/secure-your-device/securebootandbitlocker

      Wasn’t that long ago MS tipped their hand and spilled their cards all over the floor..

      https://www.computerworld.com/article/3528302/the-mess-behind-microsoft-s-yanked-uefi-patch-kb-4524244.html

      Of course given the recent code red on the platform binary table, how well is that memory area used for this information protected? Or are Revil working on it now as a way of ransoming the data should you decide not to pay up, as you won’t be able to boot recovery media or Windows once done, and they know most end users don’t even know they need to write down the recovery key they don’t know exists let alone how to extract a drive and plug it in elsewhere to get at the data..

      It means businesses hit would simply have to replace their machines rather than reinstalling them and trying to rebuild from a backup.. then again I guess that could make the tax returns simpler..

      https://www.youtube.com/watch?v=c4WJsp16CpY

       

       

      • #2397383

        Microsoft need to be able to turn off the TPM check, but not for the reason given.

        What reason was given?

        (TPM hasn’t been mentioned in this thread until now.)

        Windows 10 Pro version 21H2 build 19044.1387 + Microsoft 365 (group ASAP)

    • #2397407

      Yep sorry. I was not that explicit there.. so revisiting..

      Microsoft need to be able to install Windows 11 on systems with an inactivated TPM as that is the initial condition their software (since Windows 8) needs to be prepared in to meet WHQL requirements, whilst still remaining deployable by Microsoft’s FFU imaging method to other platforms. (which is why they don’t mind you knowing..), as when Windows comes out of box, a pool of information about the firmware and hardware is retrieved from the UEFI firmware when setup begins the out of box process (and thus it is that information which determines your software entitlements in response to @b ‘s post #2397304, and ultimately could be how, in response to @bbearren ‘s post #2397305, Microsoft can determine when your Windows 7 supported upgrade ends its support life as defined by the date that hardware footprint (in the guise of activation data) first hit their activation servers. As to when they decide to act on that information, guess it’ll just happen sometime..)

       

      1 user thanked author for this post.
    • #2400527

      Should anyone still be following this thread, have also noticed the time since first activation of Windows on my hardware is also present somewhere else (despite that original OS being blown away and reinstalled in UEFI mode for Windows 10 upgrade purposes not that long ago.) Perhaps Microsoft intend to indicate this information to users just in case their Windows 10 PC is not as new as they were told when they purchased it?

      It’s in the dreaded (by some) PC health check app.. as per attachment.

    Viewing 6 reply threads
    Reply To: MSFT Windows Update

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.