Unified Extensible Firmware Interface (UEFI)

Unified Extensible Firmware Interface

For many years BIOS has been the industry standard for booting a PC. BIOS has served us well, but it is time to replace it with something better. UEFI is the replacement for BIOS, so it is important to understand the differences between BIOS and UEFI. In this section, you learn the major differences between the two and how they affect operating system deployment.

Introduction to UEFI

BIOS has been in use for approximately 30 years. Even though it clearly has proven to work, it has some limitations, including:

  • 16-bit code
  • 1 MB address space
  • Poor performance on ROM initialization
  • MBR maximum bootable disk size of 2.2 TB

As the replacement to BIOS, UEFI has many features that Windows can and will use.

With UEFI, you can benefit from:

  • Support for large disks. UEFI requires a GUID Partition Table (GPT) based disk, which means a limitation of roughly 16.8 million TB in disk size and more than 100 primary disks.
  • Faster boot time. UEFI does not use INT 13, and that improves boot time, especially when it comes to resuming from hibernate.
  • Multicast deployment. UEFI firmware can use multicast directly when it boots up. In WDS, MDT, and Configuration Manager scenarios, you need to first boot up a normal Windows PE in unicast and then switch into multicast. With UEFI, you can run multicast from the start.
  • Compatibility with earlier BIOS. Most of the UEFI implementations include a compatibility support module (CSM) that emulates BIOS.
  • CPU-independent architecture. Even if BIOS can run both 32- and 64-bit versions of firmware, all firmware device drivers on BIOS systems must also be 16-bit, and this affects performance. One of the reasons is the limitation in addressable memory, which is only 64 KB with BIOS.
  • CPU-independent drivers. On BIOS systems, PCI add-on cards must include a ROM that contains a separate driver for all supported CPU architectures. That is not needed for UEFI because UEFI has the ability to use EFI Byte Code (EBC) images, which allow for a processor-independent device driver environment.
  • Flexible pre-operating system environment. UEFI can perform many functions for you. You just need a UEFI application, and you can perform diagnostics and automatic repairs, and call home to report errors.
  • Secure boot. Windows 8 and later can use the UEFI firmware validation process, called secure boot, which is defined in UEFI 2.3.1. Using this process, you can ensure that UEFI launches only a verified operating system loader and that malware cannot switch the boot loader.

Versions

UEFI Version 2.3.1B is the version required for Windows 8 and later logo compliance. Later versions have been released to address issues; a small number of machines may need to upgrade their firmware to fully support the UEFI implementation in Windows 8 and later.

Hardware support for UEFI

In regard to UEFI, hardware is divided into four device classes:

  • Class 0 devices. This is the UEFI definition for a BIOS, or non-UEFI, device.
  • Class 1 devices. These devices behave like a standard BIOS machine, but they run EFI internally. They should be treated as normal BIOS-based machines. Class 1 devices use a CSM to emulate BIOS. These older devices are no longer manufactured.
  • Class 2 devices. These devices have the capability to behave as a BIOS- or a UEFI-based machine, and the boot process or the configuration in the firmware/BIOS determines the mode. Class 2 devices use a CSM to emulate BIOS. These are the most common type of devices currently available.
  • Class 3 devices. These are UEFI-only devices, which means you must run an operating system that supports only UEFI. Those operating systems include Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. Windows 7 is not supported on these class 3 devices. Class 3 devices do not have a CSM to emulate BIOS.

Windows support for UEFI

Microsoft started with support for EFI 1.10 on servers and then added support for UEFI on both clients and servers.

With UEFI 2.3.1, there are both x86 and x64 versions of UEFI. Windows 10 supports both. However, UEFI does not support cross-platform boot. This means that a computer that has UEFI x64 can run only a 64-bit operating system, and a computer that has UEFI x86 can run only a 32-bit operating system.

How UEFI is changing operating system deployment

There are many things that affect operating system deployment as soon as you run on UEFI/EFI-based hardware. Here are considerations to keep in mind when working with UEFI devices:

  • Switching from BIOS to UEFI in the hardware is easy, but you also need to reinstall the operating system because you need to switch from MBR/NTFS to GPT/FAT32 and NTFS.
  • When you deploy to a Class 2 device, make sure the boot option you select matches the setting you want to have. It is common for old machines to have several boot options for BIOS but only a few for UEFI, or vice versa.
  • When deploying from media, remember the media has to be FAT32 for UEFI, and FAT32 has a file-size limitation of 4GB.
  • UEFI does not support cross-platform booting; therefore, you need to have the correct boot media (32- or 64-bit).
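
The considerations above can be verified on a machine after deployment. The following PowerShell is an added example, not part of the original article: it reports whether Windows actually booted in UEFI mode from a GPT disk with secure boot enforcing. The function names `Get-UefiBootPosture` and `Test-UefiBootPosture` are hypothetical.

```powershell
# Added example (not from the original article). Run in an elevated
# PowerShell 5.1+ session on the freshly deployed Windows 10 machine.
function Get-UefiBootPosture {
    # How the firmware handed over to Windows: 'Uefi' or 'Bios' (a CSM boot reports 'Bios').
    $info = Get-ComputerInfo -Property BiosFirmwareType, OsArchitecture
    # Partition style of the disk Windows booted from: 'GPT' or 'MBR'.
    $bootDisk = Get-Disk | Where-Object IsBoot | Select-Object -First 1

    # Confirm-SecureBootUEFI returns $true/$false on UEFI firmware and raises
    # an error on a BIOS/CSM boot or in a non-elevated session; keep the reason.
    try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $secureBoot = "unavailable: $($_.Exception.Message)" }

    [pscustomobject]@{
        FirmwareType   = "$($info.BiosFirmwareType)"
        OsArchitecture = $info.OsArchitecture
        BootDiskStyle  = "$($bootDisk.PartitionStyle)"
        SecureBoot     = $secureBoot
    }
}

function Test-UefiBootPosture {
    param([Parameter(Mandatory)] $Posture)
    $findings = @()
    if ($Posture.FirmwareType -ne 'Uefi') {
        $findings += 'Booted in BIOS/CSM mode: check the boot option chosen on this Class 2 device.'
    }
    if ($Posture.BootDiskStyle -ne 'GPT') {
        $findings += 'Boot disk is not GPT: a BIOS-to-UEFI switch needs a reinstall onto GPT.'
    }
    if ($Posture.SecureBoot -ne $true) {
        $findings += "Secure boot is not enforcing ($($Posture.SecureBoot))."
    }
    $findings
}

$posture = Get-UefiBootPosture
$posture | Format-List
Test-UefiBootPosture -Posture $posture
```

An empty result from `Test-UefiBootPosture` means the machine came up in UEFI mode on GPT with secure boot on.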

SUSDB Maintenance

So, you might be stuck with SUSDB maintenance issues – probably the maintenance jobs won’t finish without getting timeouts? Something like this maybe?

Msg 1205, Level 13, State 54, Procedure spUpdateChangeTrackingNumber, Line 11

Transaction (Process ID 110) was deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction.

Here is a script that will help you – you might have to run it multiple times.

  1. Execute the following query against the SUSDB database: exec spGetObsoleteUpdatesToCleanup
  2. Write down the number of rows given by the output.
  3. Download the SQL script, which executes the same stored procedures as the WSUS GUI, but directly against the database. You only need to change the parameter in SELECT TOP (XXXX) to the number of rows detected in the previous step, or higher. Script download (the script can also be found at http://www.thomasmarcussen.com in the archive folder SUSDBClean.zip). (Note: The process should be considerably faster than the regular cleanup in the GUI, but it can run into a deadlock condition because of other operations on the WSUS server. In that case, just re-run the script.)
  4. Once the script has finished successfully, try the cleanup from the WSUS GUI again. Now it should finish very fast.
  5. Finally, to keep the SUSDB healthy, it is recommended to run the maintenance script again so that the database is left reindexed.
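
As an added example (this is not the downloadable script mentioned above), the PowerShell below walks the same list and retries automatically when a delete is picked as the deadlock victim (error 1205) instead of requiring a manual re-run. Assumptions not taken from the post: the connection string targets a Windows Internal Database instance, and the per-update delete uses `spDeleteUpdate`, a SUSDB stored procedure the post does not name.

```powershell
# Added example (not from the original post). Run elevated on the WSUS server.
# Assumption: SUSDB is hosted in Windows Internal Database; change the server
# part for a full SQL Server instance.
$connectionString = 'Server=np:\\.\pipe\MICROSOFT##WID\tsql\query;Database=SUSDB;Integrated Security=True'
$maxAttempts = 5   # attempts per update before giving up on a deadlock

$conn = New-Object System.Data.SqlClient.SqlConnection $connectionString
$conn.Open()
try {
    # Steps 1 and 2: fetch the obsolete updates and report how many there are.
    $list = $conn.CreateCommand()
    $list.CommandText = 'exec spGetObsoleteUpdatesToCleanup'
    $list.CommandTimeout = 0
    $obsolete = New-Object System.Data.DataTable
    $obsolete.Load($list.ExecuteReader())
    "Obsolete updates to clean up: $($obsolete.Rows.Count)"

    foreach ($row in $obsolete.Rows) {
        $id = [int]$row[0]
        for ($attempt = 1; $attempt -le $maxAttempts; $attempt++) {
            try {
                $delete = $conn.CreateCommand()
                # Assumption: spDeleteUpdate is the per-update delete procedure.
                $delete.CommandText = 'exec spDeleteUpdate @localUpdateID = @id'
                $delete.CommandTimeout = 0
                [void]$delete.Parameters.AddWithValue('@id', $id)
                [void]$delete.ExecuteNonQuery()
                break
            } catch {
                # Retry only the deadlock-victim error (Msg 1205); rethrow anything else.
                $sqlError = $_.Exception.GetBaseException() -as [System.Data.SqlClient.SqlException]
                if (-not $sqlError -or $sqlError.Number -ne 1205 -or $attempt -eq $maxAttempts) { throw }
                Start-Sleep -Seconds (2 * $attempt)   # back off while WSUS releases its locks
            }
        }
    }
} finally {
    $conn.Close()
}
```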

Should you install Office 2016 32-bit or 64-bit?

There seems to be some doubt about when to install the 64-bit version of Office 2016 rather than the 32-bit version.

Limitations of the 64-bit version of Office

The 64-bit version of Office may perform better in some cases, but there are limitations:

  • Solutions that use the ActiveX controls library or ComCtl controls won’t work.
  • Third-party ActiveX controls and add-ins won’t work.
  • Visual Basic for Applications (VBA) that contain Declare statements won’t work in the 64-bit version of Office without being updated.
  • Compiled Access databases, like .MDE and .ACCDE files, won’t work unless they’re specifically written for the 64-bit version of Office.
  • In SharePoint, the list view won’t be available.

If you have specific add-ins that you use in the 32-bit version of Office, they may not work in 64-bit Office, and vice versa. If you’re concerned, check your current version of Office before installing the new one. Consider testing the add-in with 64-bit Office, or finding out if a 64-bit version of the add-in is available from the developer.

The 64-bit version of Office has some limitations, but is the right choice when:

  • You work with extremely large data sets, like enterprise-scale Excel workbooks with complex calculations, many PivotTables, connections to external databases, PowerPivot, PowerMap, or PowerView. The 64-bit version of Office may perform better for you.
  • You work with extremely large pictures, videos, or animations in PowerPoint. The 64-bit version of Office may be better suited to handle these complex slide decks.
  • You work with extremely large Word documents. The 64-bit version of Office may be better suited to handle Word documents with large tables, graphics, or other objects.
  • You’re working with files over 2GB in Project, especially if the project has many subprojects.
  • You want to keep the 64-bit version of Office that you’re already using. The 32-bit and 64-bit versions of Office programs aren’t compatible, so you can’t install both on the same computer.
  • You’re developing in-house Office solutions, like add-ins or document-level customizations.
  • Your organization requires Hardware Data Execution Prevention (DEP) be enforced for Office applications. DEP is a set of hardware and software technologies that some organizations use to enhance security.

 

Media Creation Tool for Windows 10

If you need to install or reinstall Windows 10, you can use the Media Creation Tool to create installation media using either a USB flash drive or a DVD.

You will be able to create media for the following Windows 10 versions:

Windows 10 Home
Windows 10 Home N
Windows 10 Home Single Language
Windows 10 Pro
Windows 10 Pro N
x86 & x64

Download: Media Creation Tool x86 or Media Creation Tool x64

For Enterprise editions, please visit the Volume Licensing Service Center.

Access Director 3.0 Released

The future of Windows is coming on July 29

To make your next Windows experience even better – we have just released the next version of Access Director. Using Access Director you will be able to secure your desktop, simply and easily!

– Run your desktop in a non-elevated user context
– Elevate only needed applications with a single click
– Elevate in your current user-context without affecting other unsecured applications like IE or Office

What’s in Access Director 3.0?

– Updates to support the next Windows experience (10)
– Support for integration modules
– Minor bug fixes

Get it from the Download Center

Direct Download Link

EasyBoot USB 1.1 has been released

A simple but very helpful tool to create Windows Boot or To-Go USB sticks.

Download Link

It’s that simple, EasyBoot USB with 4 easy steps and you are ready to go.

  1. Insert USB stick
  2. Choose between the following types
    1. UEFI
    2. BIOS
    3. Windows To Go
  3. Browse to your ISO file
  4. Click Start

EasyBoot USB

The tool is pretty much self-explanatory.

Do not hesitate to ping me with bugs, feature requests or ideas for new tools 🙂

 

 

 

Windows 10 – Windows Updates troubleshooting

If you experience problems with Windows Update and need to debug the actual process, WindowsUpdate.log has always been a good place to start… but not on Windows 10.

According to Microsoft these steps are relevant only for the January Tech Preview of Windows 10.

Windows Update uses Event Tracing for Windows (ETW) to generate diagnostic logs. This method improves performance and reduces disk space usage. However, the logs are not immediately readable as written. To decode the resulting ETL files and create a log that you can read, follow these steps.

  1. Download the public symbols by following the directions here. Install these symbols to a directory such as C:\symbols.
  2. Download the Tracefmt.exe tool by following the instructions here.
  3. Open a command prompt with administrative rights.
  4. Create a temporary folder, such as %systemdrive%\WULogs.
  5. Locate the directory that contains Tracefmt.exe, as downloaded and installed in step 2. Then, copy Tracefmt.exe to %systemdrive%\WULogs.
  6. Run the following commands at a command prompt, in the order presented:
    • cd /d %systemdrive%\WULogs
    • copy %windir%\Logs\WindowsUpdate\* %systemdrive%\WULogs\
    • tracefmt.exe -o windowsupate.log <each windows update log delimited by space> -r c:\Symbols

For example, the last line might resemble the following:

tracefmt.exe -o windowsupate.log Windowsupdate.103937.1.etl Windowsupdate.103937.10.etl -r c:\Symbols
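
Steps 4 to 6 can also be scripted so that the ETL file list is built automatically rather than typed by hand. This PowerShell is an added example, not part of the original post; it assumes Tracefmt.exe has already been copied to the working folder (step 5) and that the symbols are in C:\Symbols (step 1).

```powershell
# Added example (not from the original post); run from an elevated prompt.
$work    = Join-Path $env:SystemDrive 'WULogs'   # temporary folder from step 4
$symbols = 'C:\Symbols'                          # symbol directory from step 1
$output  = 'windowsupate.log'                    # output name as spelled in the steps above

New-Item -ItemType Directory -Path $work -Force | Out-Null
Copy-Item -Path (Join-Path $env:windir 'Logs\WindowsUpdate\*') -Destination $work -Force
Set-Location $work

if (-not (Test-Path .\tracefmt.exe)) {
    throw "Copy tracefmt.exe into $work first (step 5)."
}

# The steps pass every ETL file as its own space-delimited argument, so
# build that list from the folder, oldest trace first.
$etlFiles = @(Get-ChildItem -Path $work -Filter '*.etl' |
    Sort-Object LastWriteTime |
    ForEach-Object { $_.Name })
if ($etlFiles.Count -eq 0) {
    throw "No .etl files were copied from $env:windir\Logs\WindowsUpdate."
}

& .\tracefmt.exe -o $output @etlFiles -r $symbols
if ($LASTEXITCODE -ne 0) {
    throw "tracefmt.exe exited with code $LASTEXITCODE."
}
"Decoded $($etlFiles.Count) ETL file(s) into $(Join-Path $work $output)"
```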

Lucky for us, we don’t always need to dig deep – there is a deprecated log file we can use for now (January Tech Preview): WindowsUpdate_AU_deprecated.log

Allowing non-Administrators to control Hyper-V

By default Hyper-V is configured such that only members of the administrators group can create and control virtual machines.  I am going to show you how to allow a non-administrative user to create and control virtual machines.

Hyper-V uses the new authorization management framework in Windows to allow you to configure what users can and cannot do with virtual machines.

Hyper-V can be configured to store its authorization configuration in Active Directory or in a local XML file.  After initial installation it will always be configured to use a local XML file located at \programdata\Microsoft\Windows\Hyper-V\InitialStore.xml on the system partition.  To edit this file you will need to:

  1. Open the Run dialog (launch it from the Start menu or press Windows Key + R).
  2. Start mmc.exe.
  3. Open the File menu and select Add/Remove Snap-in…
  4. From the Available snap-ins list select Authorization Manager.
  5. Click Add > and then click OK.
  6. Click on the new Authorization Manager node in the left panel.
  7. Open the Action menu and select Open Authorization Store…
  8. Choose XML file for the Select the authorization store type: option and then use the Browse… button to open \programdata\Microsoft\Windows\Hyper-V\InitialStore.xml on the system partition (programdata is a hidden directory so you will need to type it in first).
  9. Click OK.
  10. Expand InitialStore.xml then Microsoft Hyper-V services then Role Assignments and finally select Administrator.
  11. Open the Action menu and select Assign Users and Groups then From Windows and Active Directory…
  12. Enter the name of the user that you want to be able to control Hyper-V and click OK.
  13. Close the MMC window (you can save or discard your changes to Console 1 – this does not affect the authorization manager changes that you just made).

The user that you added will be able to completely control Hyper-V even if they are not an administrator on the physical computer.
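
Because a role assignment here grants full control of Hyper-V without local administrator rights, it is worth reviewing who holds one. The PowerShell below is an added example, not part of the original post: it opens the same store read-only through the Authorization Manager COM interface and lists every role member, flagging any that are not the built-in Administrators group.

```powershell
# Added example (not from the original post). Read-only: nothing is submitted
# back to the store. Run elevated on the Hyper-V host.
$storePath     = Join-Path $env:ProgramData 'Microsoft\Windows\Hyper-V\InitialStore.xml'
$builtinAdmins = 'S-1-5-32-544'   # BUILTIN\Administrators, the default role holder

$store = New-Object -ComObject AzRoles.AzAuthorizationStore
$store.Initialize(0, "msxml://$storePath", $null)

# Enumerate applications and roles instead of hard-coding their names.
$assignments = foreach ($app in $store.Applications) {
    foreach ($role in $app.Roles) {
        foreach ($sid in $role.Members) {        # Members holds SIDs in text form
            try {
                $sidObject = New-Object System.Security.Principal.SecurityIdentifier $sid
                $account   = $sidObject.Translate([System.Security.Principal.NTAccount]).Value
            } catch {
                $account = '<unresolved>'        # deleted account or unreachable domain
            }
            [pscustomobject]@{
                Application = $app.Name
                Role        = $role.Name
                Sid         = $sid
                Account     = $account
                NonDefault  = ($sid -ne $builtinAdmins)
            }
        }
    }
}

# Non-default assignments first: these principals control Hyper-V without
# being members of the local Administrators group.
$assignments | Sort-Object NonDefault -Descending | Format-Table -AutoSize
```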