Help: FreeNewsletter@askwoody.com

ADVERTISEMENT

Duplicate Photo Cleaner Duplicate Photo Cleaner is absolutely the best way to remove duplicate photos from your PC and phone! Tired of cluttered photo albums? Get DPC at a special AskWoody discounted price, and delete duplicate and similar photos from your computer and smartphone in a flash! AskWoody special: Add File Cleaner for just $9.95! Click here to claim your exclusive discount! Duplicate photos won’t stand a chance.

INTRODUCTION

Many of you have asked for assistance with the everyday problems of working with Windows.

And many more of you, I’m sure, are intimidated by the thought of asking beginner’s questions on the AskWoody site. Hogwash! We were all newbies once — and even expert Windows users don’t know everything.

One of my main motivations for starting, and sustaining, the free help doled out on AskWoody is my memories of how getting started felt. I was very lucky back in the day to encounter many people who lent a helping hand. I try every day to pay it back — now, with the support of hundreds of experts.

This week, our own Patch Lady Susan Bradley has a Windows basics article on setting up a new Win10 computer, from soup to nuts. If you have any questions, head over to the AskWoody Lounge and fire away!

Windows Basics

By Susan Bradley

Many Windows 7 users are upgrading to Win10 by simply purchasing a new PC.

And that makes good sense. Not only are you moving to a more secure OS, you’re matching it with the latest PC hardware technology.

So now that you have your shiny new system, what’s next? Here are the steps I typically take to get a new PC fully up and running, ready for work.

After unboxing, setting up, and completing the Windows 10 setup, I start the configuration process by reviewing what came with the machine. (Note: I initially set up the system with a non-Microsoft — i.e., local — account by not allowing it to connect to the Internet.)

That review doesn’t include the keyboard or the monitor: rather, I take a close look at which third-party apps the vendor has installed. As a small-business owner, I tend to purchase OEM systems in ones and twos — and make only the modifications I deem necessary. In other words, I don’t follow the corporate practice of reformatting the hard drive and installing a set configuration designed for enterprise management.

That’s not to say I won’t do a fresh, from-scratch reinstall of Windows. It all comes down to the amount of junkware installed and driver availability. If the system came stuffed with unwanted bloatware and advertising apps, and if I can download the necessary drivers, I’ll do a clean install of Windows 10. But the business systems I purchase tend to come with less junkware than do consumer versions. If that’s the case, I’ll simply jump to the next step: tweaking the system.

Here are two changes I make to every computer under my control. They help make the system more transparent, so users know which files are what.

Reveal file extensions: This step makes a file’s type obvious, and the change is exceptionally easy. In File Explorer’s left-hand file tree, click the This PC folder. Select the View tab near the top of the File Explorer window; then, in the Show/hide section, put checkmarks next to both File name extensions and Hidden items (see Figure 1).

Figure 1. Enable File name extensions and Hidden items in File Explorer’s View tab.

There’s a security aspect to this change. For as long as I can remember, Microsoft has always hidden file extensions by default — which malicious hackers know all too well. They might use that setting as a way to disguise their code. For example, with extensions hidden, you could see something called “trickyfilename.doc” (and might have forgotten that .doc should not appear). With extensions shown, that same file has now sprouted an extra .exe on the end (i.e., “trickyfilename.doc.exe“). That’s an immediate tip-off that it’s a potentially dangerous executable.

Hidden items: Just below File name extensions, put a checkmark next to the Hidden items option. By default, Windows hides certain folders that Microsoft believes users should not touch. But attackers might also use these folders as a convenient place to hide their malware. Enabling Hidden items reveals those otherwise invisible files and folders.

One of those hidden system folders is AppData (C:\users\yourusername\AppData), which is used by more and more apps to store personal data. That’s irritating if, say, you’d rather have your gigabytes of emails stored on the slow-but-huge D: drive rather than on the quick-but-small solid-state C: drive.

Keep in mind, however, that many apps store hidden files in folders alongside your working files — and you’ll see them if Hidden items is enabled. That can be both annoying and confusing. So you might want to enable Hidden items only when you want access to AppData or other hidden files.

With AppData revealed, you can search through its Local, LocalLow, and Roaming subfolders for files that are taking up huge amounts of disk space. You might be surprised by what you find. Two resources for information on AppData are Super User’s “What is ‘%AppData%’?” post and How-To Geek’s “What Is the AppData Folder in Windows?” post. (I also recommend JAM Software’s TreeSize Free for finding out what’s eating up drive space.)

Next I install Stardock’s inexpensive Fences for organizing desktop icons and shortcuts. Microsoft might believe we’ve all transitioned to Windows’ Start menu tiles, but I — and I suspect many others — still keep lots of application icons on my desktop. Moreover, my aging brain can’t handle the myriad browser bookmarks for cloud applications (and MS 365 admin websites) I use on a regular basis. So I create desktop shortcuts for them, too.

If you’re a longtime Win7 devotee moving to Win10, you might want to install Stardock’s Start10 or one of its competitors. But having used Win10 for a few years now, I’ve found that I no longer need a third-party menu utility. (Note: On systems without a touchscreen, Windows’s Tablet view won’t show up, so you’ll see only the familiar Windows PC desktop.)

As I install applications on the new machine, I organize their icons with Fences.

I also pin my most-used apps to the Windows taskbar. Note: If an app’s installer doesn’t offer to automatically create a taskbar or desktop shortcut, you can do so yourself. Simply find the app in the Start menu and right-click it. Click More and then Pin to taskbar and/or Open file location (see Figure 2). For the latter, right-click the app in File Explorer and select Create shortcut.

Figure 2. You can easily create desktop shortcuts for applications via the Open file location context-menu option.

Office is one of the first major apps I install on the new system. But instead of the standalone “MSI” edition that gets individual patches, I now download the Click-to-Run Microsoft 365 Business Premium release (more info; USD $20 per user/month). Click-to-Run patches update all Office apps in one go.

Although you can roll back a problematic MS 356 update, you’re better off setting your copy of Office to the Semi-Annual Enterprise Channel (formerly Semi-Annual Channel) or the new Monthly Enterprise Channel — not to the default Current Channel (aka Monthly Channel). (For more info on Office updating, see the MS Docs post ” Overview of update channels for Microsoft 365 Apps.”)

To see which version of MS 365 you’re currently running, open Word, click File and then select Account. On the right-hand side of the Account window, read the information under About Word. If you see Monthly Channel, follow the steps below to change channels. (An Erwin Bierens post provides more details.)

You’ll see Office 365 “reinstall” itself and then change to the less-disruptive channel.

If the machine I just purchased has Win10 Home installed, I immediately upgrade it to the Pro edition — which gives me more control over the updating process. You can, for example, defer both Feature updates and monthly Quality patches.

The Pro version also lets me control updating and other aspects for Windows via the Group Policy Editor. Yes, you have a good level of patching control through Windows Update, but GPEdit gives more consistent results (more info).

So far, I’ve made all the above changes while still signed in to the original administrator-level, non-Microsoft account.

If I decide to use BitLocker encryption on the new machine, how I handle the de-encryption recovery key is vitally important. If you’re running an MS account, the recovery key is automatically stored online. If you start with a local account, you have more options for recording the key: on a printout or a USB flash drive, and others (more info).

In short, you must have a well-established process for recovering the key from a safe place. Should you run into a problem during patching or maintenance, Windows will probably request the recovery key — and you’ll need to know exactly where to find it. (If there’s any chance you’ll forget the location, I guarantee it’ll happen during the panic of a system failure.)

Note: When setting up an MS Surface device, I use a Microsoft-attached account from the start because of how the machine handles BitLocker. The recovery key will be automatically linked to your Microsoft account and uploaded online. If disaster strikes, follow the MS Support instructions for signing in to your Microsoft account from another device and obtaining the critical recovery key.

An unexpected request for a recovery key is no hypothetical occurrence. On two occasions, I’ve been prompted to enter a BitLocker key after a system reboot. Both times, I nearly panicked. So again, know where to find the key — write it down and place the paper in a safe but easily accessed place. And if you use another encryption method, check with the vendor for the best way to back up your recovery key.

I make sure I have a safe and reliable backup routine for every device I manage. Solid-state drives might be quick and reliable, but when they die, it tends to be spontaneously and completely with little or no warning. And, even if you have most of your apps and data backed up to or running from the cloud, restoring a system to its state at the time of a major failure will still be a pain.

So I still recommend using a third-party, full-disk backup application such as Acronis True Image, EaseUS ToDo Backup, or Macrium Reflect. There are many others to choose from, most offering both free and paid versions.

I typically set up a separate Windows account for the backup system, to help hide the backup drive from attackers. Keep in mind that ransomware will routinely delete any shadow copies and backups that it can access. But a malicious hacker who has compromised the account you use daily should not be able to access other accounts.

One of the oldest security practices for Windows is to avoid doing your daily computing activities in an admin-level account. So after I’ve finished making the initial system setup, I’ll create a new, rarely used administrator account and then downgrade the local account I started with — the one I will use every day — to non-administrator.

I also decide how I’ll sign into the new system. Along with the standard password, Win10 offers numerous sign-in options: Picture Password and security keys, plus the Hello-based fingerprints, facial recognition, and PINs.

I’ve detailed my steps for configuring a new system. I’d love to hear how you handle this task. So please share your favorite tweaks using the AskWoody comments link below. I’ve worked with PCs for many more years than I’d like to admit, but I still learn much from fellow Loungers. Join the discussion!

In real life, Susan Bradley is a Microsoft Security MVP and IT wrangler at a California accounting firm, where she manages a fleet of servers, virtual machines, workstations, iPhones, and other digital devices. She also does forensic investigations of computer systems for the firm.

Best of the Lounge

Getting “Cannot find the DNS server” messages while searching the Internet is similar to getting the recorded phone message “The number you have dialed is not in service at this time.” A Domain Name System server is essentially a phone book for Web addresses, and some phone books are considerably better than others.

When faced with that DNS server error, Plus member Nibbled To Death By Ducks decided to change his router’s default settings in order to use the Open DNS service (more info) rather than what his ISP provides. Finding the settings was one problem; another was checking whether the change “stuck” by using Windows’ “ipconfig” command. But the new DNS server wasn’t listed. Of course, Nibbled turned to the Lounge for help. It turns out that things aren’t always as they appear, as a quick verification on Open DNS’s website proved.

If you’re not already a Lounge member, use the quick registration form to sign up for free.

	LANGALIST Security risks: Wired Ethernet vs. Wi-Fi By Fred Langa Fundamental differences in wired and wireless networking mean that neither can provide the same level of data security. Here’s why. Plus: Win10 has a hidden “packet-sniffer” tool for examining raw network traffic. Also, can you install Win10 via USB from an Android phone?
	WINDOWS 10 Cheap Windows 10 product keys — Are they legit? By Richard Hay No. Nope. Not even on Fridays. That could be the end of the discussion, but I wouldn’t want to leave you hanging. So let’s dive into this weird phenomenon of cheap Windows 10 product keys — and shine some light on the issue. In addition, I’ll share with you a legit and legal avenue for upgrading to Windows 10.
	WEBSITE DEVELOPMENT Security basics for small-business websites By Nathan Segal Your company website is truly the digital front door to your business. It’s often potential customers’ first impression. If you’re building an online presence, security is a top priority; here are some tips for keeping both your website and your business safe.