ISSUE 17.20.F • 2020-05-25
The AskWoody Newsletter

In this issue

WONDOWS BASICS: Setting up a new PC: The first steps

BEST OF THE LOUNGE: DNS dragging its feet

Additional articles in the PLUS issue

LANGALIST: Security risks: Wired Ethernet vs. Wi-Fi

WINDOWS 10: Cheap Windows 10 product keys — Are they legit?

WEBSITE DEVELOPMENT: Security basics for small-business websites

Duplicate Photo Cleaner box

Duplicate Photo Cleaner

Duplicate Photo Cleaner is absolutely the best way to remove duplicate photos from your PC and phone!

Tired of cluttered photo albums? Get DPC at a special AskWoody discounted price, and delete duplicate and similar photos from your computer and smartphone in a flash! AskWoody special: Add File Cleaner for just $9.95!

Click here to claim your exclusive discount! Duplicate photos won’t stand a chance.


At some point, everyone needs help

Many of you have asked for assistance with the everyday problems of working with Windows.

And many more of you, I’m sure, are intimidated by the thought of asking beginner’s questions on the AskWoody site. Hogwash! We were all newbies once — and even expert Windows users don’t know everything.

One of my main motivations for starting, and sustaining, the free help doled out on AskWoody is my memories of how getting started felt. I was very lucky back in the day to encounter many people who lent a helping hand. I try every day to pay it back — now, with the support of hundreds of experts.

This week, our own Patch Lady Susan Bradley has a Windows basics article on setting up a new Win10 computer, from soup to nuts. If you have any questions, head over to the AskWoody Lounge and fire away!

Windows Basics

Setting up a new PC: The first steps

Susan BradleyBy Susan Bradley

Many Windows 7 users are upgrading to Win10 by simply purchasing a new PC.

And that makes good sense. Not only are you moving to a more secure OS, you’re matching it with the latest PC hardware technology.

So now that you have your shiny new system, what’s next? Here are the steps I typically take to get a new PC fully up and running, ready for work.

Step 1 – Do an initial cleaning

After unboxing, setting up, and completing the Windows 10 setup, I start the configuration process by reviewing what came with the machine. (Note: I initially set up the system with a non-Microsoft — i.e., local — account by not allowing it to connect to the Internet.)

That review doesn’t include the keyboard or the monitor: rather, I take a close look at which third-party apps the vendor has installed. As a small-business owner, I tend to purchase OEM systems in ones and twos — and make only the modifications I deem necessary. In other words, I don’t follow the corporate practice of reformatting the hard drive and installing a set configuration designed for enterprise management.

That’s not to say I won’t do a fresh, from-scratch reinstall of Windows. It all comes down to the amount of junkware installed and driver availability. If the system came stuffed with unwanted bloatware and advertising apps, and if I can download the necessary drivers, I’ll do a clean install of Windows 10. But the business systems I purchase tend to come with less junkware than do consumer versions. If that’s the case, I’ll simply jump to the next step: tweaking the system.

Step 2 – Some initial tweaks

Here are two changes I make to every computer under my control. They help make the system more transparent, so users know which files are what.

Reveal file extensions: This step makes a file’s type obvious, and the change is exceptionally easy. In File Explorer’s left-hand file tree, click the This PC folder. Select the View tab near the top of the File Explorer window; then, in the Show/hide section, put checkmarks next to both File name extensions and Hidden items (see Figure 1).

File name extensions
Figure 1. Enable File name extensions and Hidden items in File Explorer’s View tab.

There’s a security aspect to this change. For as long as I can remember, Microsoft has always hidden file extensions by default — which malicious hackers know all too well. They might use that setting as a way to disguise their code. For example, with extensions hidden, you could see something called “trickyfilename.doc” (and might have forgotten that .doc should not appear). With extensions shown, that same file has now sprouted an extra .exe on the end (i.e., “trickyfilename.doc.exe“). That’s an immediate tip-off that it’s a potentially dangerous executable.

Hidden items: Just below File name extensions, put a checkmark next to the Hidden items option. By default, Windows hides certain folders that Microsoft believes users should not touch. But attackers might also use these folders as a convenient place to hide their malware. Enabling Hidden items reveals those otherwise invisible files and folders.

One of those hidden system folders is AppData (C:\users\yourusername\AppData), which is used by more and more apps to store personal data. That’s irritating if, say, you’d rather have your gigabytes of emails stored on the slow-but-huge D: drive rather than on the quick-but-small solid-state C: drive.

Keep in mind, however, that many apps store hidden files in folders alongside your working files — and you’ll see them if Hidden items is enabled. That can be both annoying and confusing. So you might want to enable Hidden items only when you want access to AppData or other hidden files.

With AppData revealed, you can search through its Local, LocalLow, and Roaming subfolders for files that are taking up huge amounts of disk space. You might be surprised by what you find. Two resources for information on AppData are Super User’s “What is ‘%AppData%’?” post and How-To Geek’s “What Is the AppData Folder in Windows?” post. (I also recommend JAM Software’s TreeSize Free for finding out what’s eating up drive space.)

Step 3 – Add menu management

Next I install Stardock’s inexpensive Fences for organizing desktop icons and shortcuts. Microsoft might believe we’ve all transitioned to Windows’ Start menu tiles, but I — and I suspect many others — still keep lots of application icons on my desktop. Moreover, my aging brain can’t handle the myriad browser bookmarks for cloud applications (and MS 365 admin websites) I use on a regular basis. So I create desktop shortcuts for them, too.

If you’re a longtime Win7 devotee moving to Win10, you might want to install Stardock’s Start10 or one of its competitors. But having used Win10 for a few years now, I’ve found that I no longer need a third-party menu utility. (Note: On systems without a touchscreen, Windows’s Tablet view won’t show up, so you’ll see only the familiar Windows PC desktop.)

As I install applications on the new machine, I organize their icons with Fences.

I also pin my most-used apps to the Windows taskbar. Note: If an app’s installer doesn’t offer to automatically create a taskbar or desktop shortcut, you can do so yourself. Simply find the app in the Start menu and right-click it. Click More and then Pin to taskbar and/or Open file location (see Figure 2). For the latter, right-click the app in File Explorer and select Create shortcut.

Open file location option
Figure 2. You can easily create desktop shortcuts for applications via the Open file location context-menu option.

Step 4 – Setting up MS Office

Office is one of the first major apps I install on the new system. But instead of the standalone “MSI” edition that gets individual patches, I now download the Click-to-Run Microsoft 365 Business Premium release (more info; USD $20 per user/month). Click-to-Run patches update all Office apps in one go.

Although you can roll back a problematic MS 356 update, you’re better off setting your copy of Office to the Semi-Annual Enterprise Channel (formerly Semi-Annual Channel) or the new Monthly Enterprise Channel — not to the default Current Channel (aka Monthly Channel). (For more info on Office updating, see the MS Docs post ” Overview of update channels for Microsoft 365 Apps.”)

To see which version of MS 365 you’re currently running, open Word, click File and then select Account. On the right-hand side of the Account window, read the information under About Word. If you see Monthly Channel, follow the steps below to change channels. (An Erwin Bierens post provides more details.)

  • Launch a command window as an administrator.
  • Navigate to C:\Program Files\Common Files\Microsoft Shared\ClickToRun\.
  • At the prompt, enter OfficeC2RClient.exe /changesetting Channel=Broad to change Office to the Semi-Annual channel.

You’ll see Office 365 “reinstall” itself and then change to the less-disruptive channel.

Step 5 – Go Pro

If the machine I just purchased has Win10 Home installed, I immediately upgrade it to the Pro edition — which gives me more control over the updating process. You can, for example, defer both Feature updates and monthly Quality patches.

The Pro version also lets me control updating and other aspects for Windows via the Group Policy Editor. Yes, you have a good level of patching control through Windows Update, but GPEdit gives more consistent results (more info).

Step 6 – Drive encryption (optional)

So far, I’ve made all the above changes while still signed in to the original administrator-level, non-Microsoft account.

If I decide to use BitLocker encryption on the new machine, how I handle the de-encryption recovery key is vitally important. If you’re running an MS account, the recovery key is automatically stored online. If you start with a local account, you have more options for recording the key: on a printout or a USB flash drive, and others (more info).

In short, you must have a well-established process for recovering the key from a safe place. Should you run into a problem during patching or maintenance, Windows will probably request the recovery key — and you’ll need to know exactly where to find it. (If there’s any chance you’ll forget the location, I guarantee it’ll happen during the panic of a system failure.)

Note: When setting up an MS Surface device, I use a Microsoft-attached account from the start because of how the machine handles BitLocker. The recovery key will be automatically linked to your Microsoft account and uploaded online. If disaster strikes, follow the MS Support instructions for signing in to your Microsoft account from another device and obtaining the critical recovery key.

An unexpected request for a recovery key is no hypothetical occurrence. On two occasions, I’ve been prompted to enter a BitLocker key after a system reboot. Both times, I nearly panicked. So again, know where to find the key — write it down and place the paper in a safe but easily accessed place. And if you use another encryption method, check with the vendor for the best way to back up your recovery key.

Step 7 – Set up a backup system

I make sure I have a safe and reliable backup routine for every device I manage. Solid-state drives might be quick and reliable, but when they die, it tends to be spontaneously and completely with little or no warning. And, even if you have most of your apps and data backed up to or running from the cloud, restoring a system to its state at the time of a major failure will still be a pain.

So I still recommend using a third-party, full-disk backup application such as Acronis True Image, EaseUS ToDo Backup, or Macrium Reflect. There are many others to choose from, most offering both free and paid versions.

I typically set up a separate Windows account for the backup system, to help hide the backup drive from attackers. Keep in mind that ransomware will routinely delete any shadow copies and backups that it can access. But a malicious hacker who has compromised the account you use daily should not be able to access other accounts.

Step 8 – Limit your Windows rights

One of the oldest security practices for Windows is to avoid doing your daily computing activities in an admin-level account. So after I’ve finished making the initial system setup, I’ll create a new, rarely used administrator account and then downgrade the local account I started with — the one I will use every day — to non-administrator.

I also decide how I’ll sign into the new system. Along with the standard password, Win10 offers numerous sign-in options: Picture Password and security keys, plus the Hello-based fingerprints, facial recognition, and PINs.

So how do you set up a new system?

I’ve detailed my steps for configuring a new system. I’d love to hear how you handle this task. So please share your favorite tweaks using the AskWoody comments link below. I’ve worked with PCs for many more years than I’d like to admit, but I still learn much from fellow Loungers. Join the discussion!

Questions or comments? Feedback on this article is always welcome in the AskWoody Lounge!

In real life, Susan Bradley is a Microsoft Security MVP and IT wrangler at a California accounting firm, where she manages a fleet of servers, virtual machines, workstations, iPhones, and other digital devices. She also does forensic investigations of computer systems for the firm.

Best of the Lounge

DNS dragging its feet

Getting “Cannot find the DNS server” messages while searching the Internet is similar to getting the recorded phone message “The number you have dialed is not in service at this time.” A Domain Name System server is essentially a phone book for Web addresses, and some phone books are considerably better than others.

When faced with that DNS server error, Plus member Nibbled To Death By Ducks decided to change his router’s default settings in order to use the Open DNS service (more info) rather than what his ISP provides. Finding the settings was one problem; another was checking whether the change “stuck” by using Windows’ “ipconfig” command. But the new DNS server wasn’t listed. Of course, Nibbled turned to the Lounge for help. It turns out that things aren’t always as they appear, as a quick verification on Open DNS’s website proved.


Plus member WSlfh003 intended to “save myself from the aggravation of Win10” by doing an in-place upgrade from Win7 Pro to Win8.1 Pro. Whoa, there! As PKCano pointed out, there’s no direct upgrade from Win7 to Win8.1. But there are ways to achieve that end. Unfortunately, WSlfh003 soon realized that what first appeared to be a simple task had become a bad dream, concluding that “these are surely trying times.” We don’t know the path ultimately taken.


New Plus member gwt10 uses a VPN while surfing the Internet. But access to the AskWoody site gets blocked, and gwt10 wants to know why. That leads to a long and interesting discussion about “clean” and “dirty” IP addresses. Forum members also note the security features AskWoody incorporates to protect us from bad actors.


Plus member GarthP‘s second-hand machine works fine immediately after bootup. But soon it repeatedly stalls — initially for a few seconds, then freezing up entirely after about 30 minutes of use. Rebooting starts the cycle all over again. Is it an overheating problem? Failing components? So far, suggested causes have been eliminated.


Plus member daddybear wondered why a full virus scan on a ThinkPad notebook would take almost two hours longer than on a desktop. Both machines are running Win10 Home. Numerous theories and suggestions are put forth — but in the end, it might be a simple problem of comparing apples to oranges.


Lounger 7ProSP1 wanted to add 4GB of RAM to a laptop but was stumped when a salesperson asked what voltage the machine required. 7ProSP1 had the same response as most other users: “Huh?” Forum members helped unravel the mystery of varying voltages.


Plus member Paul L‘s keyboard acted oddly after an update to Win10 1909. A few keys started inserting incorrect characters. Was it a keyboard-remapping problem? Suggestions from forum members and Dell didn’t resolve the problem. Turns out the failure was simply coincidence — after 10 years of use, the keyboard chose that moment to give up the ghost.

If you’re not already a Lounge member, use the quick registration form to sign up for free.

Stories in this week’s PAID AskWoody Plus Newsletter
Become an ASKWOODY PLUS member today!


Fred Langa


Security risks: Wired Ethernet vs. Wi-Fi

By Fred Langa

Fundamental differences in wired and wireless networking mean that neither can provide the same level of data security. Here’s why.

Plus: Win10 has a hidden “packet-sniffer” tool for examining raw network traffic. Also, can you install Win10 via USB from an Android phone?

Richard Hay


Cheap Windows 10 product keys — Are they legit?

By Richard Hay

No. Nope. Not even on Fridays.

That could be the end of the discussion, but I wouldn’t want to leave you hanging. So let’s dive into this weird phenomenon of cheap Windows 10 product keys — and shine some light on the issue.

In addition, I’ll share with you a legit and legal avenue for upgrading to Windows 10.

Nathan Segal


Security basics for small-business websites

By Nathan Segal

Your company website is truly the digital front door to your business. It’s often potential customers’ first impression.

If you’re building an online presence, security is a top priority; here are some tips for keeping both your website and your business safe.

Publisher: AskWoody LLC (; editor: Tracey Capen (

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, Windows Secrets Newsletter,, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody LLC. All other marks are the trademarks or service marks of their respective owners.

Your email subscription:

Copyright © 2020 AskWoody LLC, All rights reserved.