Option to delay updates for Windows 10 home users coming soon

Microsoft has been testing the new Windows Update setting in the next edition of Windows 10 preview builds [due in the spring] in the Windows Insiders program. Until then, Windows “Home” users [i.e. those not using the Professional edition, on a domain or and educational edition] can not delay any quality [i.e. non-security and security] updates on their computer.

While Windows 10 Pro and enterprise editions can defer the upgrade for up to 35 days, Windows 10 “Home” users are forced to accept the next quality updates when Microsoft makes it available on Windows Update, whether they want it or not.

Windows 10 Pro and enterprise editions [when not on a domain or centrally managed] can delay feature [i.e. semi-annual] updates for up to a year.

Microsoft has had a bad track record for both quality and feature updates. This would be a welcome for home users. Most issues are discovered within a week.

Those who wish to “upgrade” from Home to Professional can used a previously unused [in Windows 10] Windows 7 or windows 8.1 Professional license or purchase the “upgrade” from Microsoft [estimated around $100 or so].



Well a new month of Microsoft update issues

After a month without any [major] Patch Tuesday issues, we have one this month. MS16-072 [kb3163622 ] which is a security update for Group Policy may cause changed settings through the GPO are no longer retained, shortcuts to applications on user’s desktops are missing, left previously hidden drives and devices accessible, and drive mappings not to work. The issue is due to how customers have implemented Group Policy permissions.

Before MS16-072 is installed, user group policies were retrieved by using the user’s security context. After MS16-072 is installed, user group policies are retrieved by using the machines security context.

This issue may occur if the Group Policy Object is missing the Read permissions for the Authenticated Users group or if you are using security filtering and are missing Read permissions for the domain computers group.

To correct the situation use the Group Policy Management Console add the Authenticated Users group with Read Permissions on the Group Policy Object (GPO). A well if you are using security filtering, add the Domain Computers group with read permission.

As well, if you have installed update rollup kb3156418 on Windows Server 2012 R2, the DFSRS.exe process may consume a high percentage CPU processing power (could approach 100%). This could cause the DFSR service to become unresponsive to the point at which the service cannot be stopped and you would be required to restart the server. The temporary workaround is to remove the update. Microsoft is aware of the issue.

[Updated 2016/06/22:] Now there is an issue with MS16-075 and MS16-076. They are related to Windows Netlogon and SMB Server. When you try to access a domain DFS namespace on a computer that is configured to require mutual authentication (by using the UNC Hardened Access feature), you receive an Access Denied error message. You need to make a registry change as described in KB3161561 as a workaround. Microsoft is investigating.

[Updated: 2016/06/29:] Added to the update woes this month, although it may not affect too many people, is the June 2016 rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 [KB3161606] that will affect for Hyper-V instances for Windows. The issue is related to the new HyperV-Integration-Service (KB3158626). The issue is related to the file wnetvsc.inf.


A second patch Tuesday from now on

As of April, expect an additional “Patch Tuesday”.

The first Tuesday of the month will now be reserved for Office updates – those that aren’t a security issue. If you noticed as of Office 2010 and continuing with office 2013 and Office 2016, Microsoft releases a slew of non-security Office updates. Sometimes maybe a dozen of them.

The second Tuesday continues to be the original “Patch Tuesday”. And occasionally, for the remainder of the Month, Microsoft may release some non-security updates for Windows, Surface, etc.

Different ways of updating Windows 10

During the first day of Microsoft Ignite, the company’s “festival” for IT professionals, Microsoft executives introduced the concept of Windows Update for Business. This is a new addition to Microsoft’s family of updating and servicing mechanisms that will be included with Windows 10.

Consumers who use Windows 10 will regularly receive all the new features, security updates and the various fixes to the operating system for free for the supported lifetime of their devices. [Microsoft still hasn’t stated what this “lifetime of their devices” period will be defined as.] Consumers users won’t have a choice as to which updates they get or don’t as they will get them all using Windows Update. This group of Windows 10 customers will be on the Current Branch.

Windows 10 Enterprise customers will have the option to receive security updates only with no new features as part of the Windows 10 Long Term Servicing branch. Enterprises [or large companies if you will] will be able to control the pace at which their Windows 10 users get these security updates using existing updating mechanisms like Windows Server Update Services [WSUS], System Center Configuration Manager [SCCM], and others.

But there’s is a new class of Windows 10 customers: These are users at work who aren’t running mission-critical devices and applications. These users will be able to get new features, security updates and the various other fixes to Windows 10 Pro and Windows 10 Enterprise devices for free, but at a more measured pace using the new Windows Update for Business service.

Windows Update for Business will give IT professionals more control over how and when these updates are roll out to their users and they can decide which machines get updates first and which get them at one point later. Peer-to-peer delivery will be used to deliver patches to sites with limited bandwidth [not too common now]. The standard corporate tools such as WSUS or SCCM can be used to deliver the updates.

Microsoft executives didn’t explain as yet how long they’ll be providing new features, security updates and fixes for Windows 10.

More update issues for Microsoft

Seems that the latter half of the year will be known as the 6 months where Microsoft’s quality control went down the tubes.

Seems that just about every month there have been issues.

December is no exception.

KB3008923 for Internet Explorer 9 causes crashing.

KB3004394 in Windows 7 and Server 2008 R2 is causing problems from MMS access. In addition it causes problems with Oracle’s VM VirtualBox and installing Microsoft updates. This is part of the root certificate program.

KB3002339 a non-security update for Visual studio 2012 won’t install by Windows Update but is fine if you manually install.

Silverlight update plays havoc with applications. This causes issue with Netflix [shocking!]. If you can uninstall go here.

KB2553154 causes problems with ActiveX controls and macros in Excel and Word. To fix the issue [not guaranteed], delete the following [and similar]: C:\Users\[user.name]\AppData\Local\Temp\Excel8.0\MSForms.exd, C:\Users\[user.name]\AppData\Local\Temp\VBE\MSForms.exd, and C:\Users\[user.name]\AppData\Local\Temp\Word8.0\MSForms.exd. [Although you can really clean out anything in that folder that isn’t in use.]

Finally more Exchange problems. This time Outlook clients accessing Exchange 2010 SP3 after update 8 is installed.

[Update 2014/12/11:] Microsoft has release a very tiny update to correct the issues with KB3004394. It is available as KB3024777. This update will actually remove the update if you can’t through Programs and Features.

When supports ends prematurely

Over the past little while, I’ve been having problems with my AMD/ATI GPU on my home computer. At one point I tried to update to the latest drivers.

As it is a major version upgrade, it was suggested to uninstall the drivers completely and then install the latest.

So I followed what they recommended.

Well, let’s just say I never installed the latest drivers.

In fact, even the original drivers are a bit unstable. Seems that something went wrong and every once in a while, if I use Internet Explorer, it craps out because it is accessing an AMD/ATI DLL it doesn’t like – for whatever reason. The version and dating of the file is fine [compared to the other GPU related DLLs].

On top of that, every once in a while, after a normal shutdown, the next time I boot up I end up in VGA mode and the device manager tells me there is an issue with the drivers. Only thing I found to fix that is using a restore point.

If I try installing the latest drivers after removing the old ones, it doesn’t detect my GPU card at all.

I went to the AMD forums and basically got nowhere. Someone has a similar issue with a different GPU.

A couple of days ago, I went to AMD’s support and had a chat. The guy was a bit helpful but not too much. Seemed to avoid some questions. In the end suggested reseat the card. Usually a long shot.

But the guy also told me that they only support the drivers listed on the company’s website [which was Catalyst 13.152 or something like that] instead of the latest which is 14.9.

Hmmm. That isn’t good.

I guess they’re trying to reduce support costs by not supporting anything more recent. I’m sure if I had an issue with the latest drivers, they wouldn’t support me. The GPU came out maybe a year ago.

Computer Tip: Microsoft Office 2013 stalls at 10%

If you try to install Office 2013 using the Click-to-Run (C2R) version, the installation may appear to hang at “10% – Configuring…” when installing from a network share.

The C2R installation uses a service to manage the virtual file system during the intial portion of the setup process using up to 10% in the installation user interface progress screen. The remainder of the process involves cache the files onto the local hard drive as well as some tasks required to integrate with Windows. Stuck at 10%, because Windows Installer hands off additional task to the service, the System account manages the remaining processes to install Office 2013, which requires the System account to access the share or location where Office installation files are contained.

To correct the problem, you need to add the “Domain Computers” group to the network share:

  1. Right click on the folder where the Office 2013 installation files reside and choose Properties.
  2. Click on the Security tab and then edit the Group or user names field by clicking on the Edit tab.
  3.  Click the Add tab and type in Domain Computers under the “Enter the object names to select” box (you can click Check Names if you didn’t enter all the text).
  4. The group has to have the following permissions: Read & execute, List folder contents and Read.