The Experience Blog

A blog with focus on experiences with the Windows Client operating systems…
RSS icon Email icon Home icon

  • Microsoft changes search feature in Windows 10 v1511 using sneaky background delivery options – this is Microsoft “Searchgate”!

    Posted on August 12th, 2016 By Andreas Stenhall + 1 comment

    So in Windows 10 1511 and 1607 I have an issue with searching for internet shortcuts as outlined in this blog post. For Windows 10 1607 things seemed to get worse. But, then I noticed in Windows 10 version 1511 as well that all of a sudden “Search my stuff” was gone although it had been there before! The investigation reveals some interesting stuff and magic things happening in the background!

    SHORT SUMMARY: Microsoft is pushing Windows 10 1607 (Current Branch) search features to Windows 10 2015 LTSB and Windows 10 1511 (Current Branch for Business) silently and in the background without any announcements made.

    Search in 1511 (as when Windows 10 entered Current Branch for Business and as long it has not been connected to the Internet):

    1

    Investigation

    1. I installed Windows 10 1511 (media updated in april 2016) in a VM – with no Internet connection. Note: system language is set to Sweden (Swedish) during install.
    2. I logged in and noticed that “Search my stuff” was there.
    3. I then thought I’d connect the machine to Windows Update to get the latest CU and see what happens after that. But before I knew it, “Search my stuff” vanished just after connecting the machine to the Internet. Now, things are getting interesting!

    Further investigation

    1. I installed Windows 10 1511 (media updated in april 2016) once again in a VM – with no internet and system language set to Sweden (Swedish).
    2. I logged in and noticed that “Search my stuff” was there.
    3. Checkpoint created in Hyper-V :)
    4. Fired up good old Resource Monitor.
    5. Connected the VM to Internet.
    6. AS SOON AS I CLICKED THE WINDOWS FLAG IN WINDOWS  – things started to happen in the background!
    A process named BackgroundTransferHost.exe started to download new packages, including what seemed to be new and updated code for the Shell and Cortana!

    2
    7. When it finished downloading – Voílà – the search box in Windows 10 1511 looks very much a lot like in 1607 and yes, the option “Search my stuff” is gone.

    3

    Conclusion

    This raises more than a few questions:

    What else is changed using this background delivery manager? Can we expect the start menu in 1511 to look like 1607?

    Is background delivery the reason why MS always writes “No new operating system features are being introduced in this update” on any CU:s released? I mean, “no new features are introduced in the CUs but we will gladly publish (new and) changed features unannounced using other delivery technologies than Windows Software Update packages (CUs)”. (https://support.microsoft.com/en-us/help/12387/windows-10-update-history )

    I thought the whole idea of different builds (1507, 1511 and 1607) would mean no feature changes and especially no new feature changes which are completely unannounced or did I miss this announcement in feature change?

    Is Windows 10 LTSB affected by this as well? UPDATE! Windows 10 2015 LTSB is affected by this as well which should be troublesome for Microsoft as Cortana is not supposed to be there and it is supposed to be feature locked.

    Does this mean you can easily deploy a feature change/fix to my machine so that internet shortcuts are returned in the search results?

    No further questions on this – I’m still shocked!!!

  • Internet shortcuts and search in Windows 10 v1607 – it’s getting worse!

    Posted on August 5th, 2016 By Andreas Stenhall + 1 comment

    This is a follow up to the post “Internet shortcuts in the Start menu not returned in quick search in Windows 10“. The plot thickens quite a lot with Windows 10 v1607.

    UPDATE August 21 2016: In a newly opened support case with Microsoft they have come to the conclusion that this is a code defect and will be fixed, for both LNK as well as URL files. Question is when it will be fixed, and (*irony*) if it will be distributed quickly in the background using the sneaky update method I wrote about in a recent blog post.

    UPDATE August 12 2016: It seems that Microsoft has also introduced this change in Windows 10 v1511! The option “Search my stuff” in the search box in the start menu and task bar is long gone! Read more about the sneaky update of the search feature in not only 1511 but also 10240 (CBB and LTSB).

    Scenario

    It is no secret that web applications become more and more common for every day that passes and that has been the case for many years now. I know Microsoft wants and thinks that everyone is now turning all their Line of Business applications into modern apps but that’s just not the case just yet. This is a fact on how it looks in the real world. With that said, the problem here is that Internet shortcuts in the start menu that points to a URL is listed in the Start menu list of applications but they are not searchable in the Windows search feature.

    Now things get interesting and at the same time worse! In Windows 10 v1511, you can search for an internet shortcut by typing its name and then choosing “Search my stuff”. In 1607, this option is gone. So without applying any workarounds the user must go back to find the web application by manually browsing through the long applications list in the start menu. So, with that we can tell all the users we for 10 years have tried to learn to use the search feature now to go looking for applications manually in the start menu. Well done Microsoft!

    Lapse in logic? I and users expect that whatever application can be seen in the start menu (EXE, modern apps or web apps) is also found when doing a search! As described above, this is not the case in Windows 10 version 1607.

    Workarounds

    Yes, there are workarounds, but only crappy ones.

    • You can exchange all LNK and URL:s and point them to iexplore.exe URL, i.e. “iexplore.exe http://www.microsoft.com”. This is what Microsoft recommends. Hmm, well is that a good solution? So when the customer wants to switch their standard browser will this workaround be a good idea? This workaround kind of defeats the idea of defining standard programs and URLs open in the browser defined as the standard program. I try to make my customers Windows client environments less complex and more standardized but this workaround points in the opposite direction to that.
    • You can also instruct the users to open the web site in Internet Explorer 11 and choose “Add Site to Apps”. By doing that you get a shortcut with the extension .website which is listed in the Start menu AND apart from that also being indexed and searchable! Is it possible to create these .website files and distribute? Not quite, as these were invented for IE9 where users could pin websites to the Task Bar, and are intended to be pinned by the user, not programmatically. Also, .website files are always opened only in Internet Explorer regardless if you set the OS standard browser to Edge or some other browser.

    Summary

    To sum it up, am I the only one having customers with internet shortcuts in the start menu? The reason they are there is that I do not want users to have to distinguish if a Line of Business application they use for their daily work is a EXE file or a web application (or a modern app for that matter). I expect them all to be treated the same as well as existing in the same place. I expect that EXE applications are returned in the search results. I expect modern apps to be returned in the search results and I expect web applications (internet shortcuts) to be returned in the search results.

    That is just simple logic in my world but who knows, I might be all crazy. I know 10000+ users that must think Microsoft are crazy when they are forcing users to go back to manually finding stuff instead of using search!

    Solution

    There is no solution so I appeal to Microsoft and specifically the Search team, that you repair the lapse in logic that exist in the current implementation in Windows search in Windows 10 1511 and 1607!

  • How to disable the Mobile hotspot feature in Windows 10 1607 using GPO or MDM

    Posted on August 4th, 2016 By Andreas Stenhall + No comments

    In Windows 10 v1607 Anniversary Update there is a brand new UI for sharing your internet connecting and creating a mobile hotspot. The feature has been there in Windows before but has previously required administrative privileges to activate. Starting with Windows 10 v1607 this is exposed in the modern interface under Network > Mobile Hotspot and can be activated as a standard user, posing a security threat if you for instance have network security in place which can then be circumvented.

    Solution

    Using GPO, you can disable Mobile Hotspot in the UI by settings the GPO setting Prohibit use of Internet Connection sharing on your DNS domain network to Enabled. This settings is located under Computer configuration > (Policies) > Administrative templates > Network > Network Connections.

    If you are using MDM, you can also configure this with this setting:

    URI full path: ./Vendor/MSFT/Policy/Config/WiFi/AllowInternetSharing
    Data type: Integer
    Allowed values:
    0 – Do not allow Internet Sharing.
    1 – Allow Internet Sharing (default)

    Result when this setting is changed wither via GPO or MDM:

    MobileHotspot

  • “The page can’t be displayed” in web apps after installing June (or July) CU update for Windows 10

    Posted on August 2nd, 2016 By Andreas Stenhall + No comments

    Some web apps might not work after installing the June (or July) 2016 Cumulative Update for Windows 10.

    Problem

    After installing June (KB3163018) or July (KB3172985) cumulative updates for Windows 10 a specific web app was broken, when browsing to it in Internet Explorer 11 or Edge lead to ”The page can’t be displayed”.

    Investigation

    Looking at the System log in Event Log showed Schannel errors:

    A fatal alert was generated and sent to the remote endpoint. This may result in the termination of the connection. The TLS protocol defined fatal error code 40. The Windows SChannel error state is 808.

    Doing a network trace showed that the web app server negotiated the TLSCipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA.

    Cause

    Windows as of update https://support.microsoft.com/en-us/kb/3061518 no longer support ciphers with 512-bits. Note that this KB was released in May 2016 but not anywhere stated to affect Windows 10. Nothing related to these changes points to Windows 10, but as we can conclude, these changes are introduced with June 2016 CU for Windows 10 (and thereby carried forward to July CU and any other CU to come).

    Workaround

    Use the workaround described in the registry section workaround in https://support.microsoft.com/en-us/kb/3061518 to go back to the 512-bits settings.

    Solution

    Make necessary server configuration changes to support the better ciphers.

  • Internet shortcuts in the Start menu not returned in quick search in Windows 10

    Posted on April 15th, 2016 By Andreas Stenhall + 1 comment

    This issue is quite annoying but as it seems shortcuts to URLs placed in the Start menu is not being returned in the quick search in Windows 10, i.e. press the Windows button and type the name of a Start menu item pointing to a URL. You have to click “Search my stuff” for it to be displayed.

    Scenario

    A few customers have a bunch of MSI packages containing shortcuts pointing to URLs which are published in the start menu in Windows 7 and in there being easily findable in the search feature in the start menu. When moving to Windows 10, the user logic comes to a halt when shortcuts in the start menu is not being returned in the quick search.

    Steps to reproduce

    1. In File Explorer, go to C:\Users\<username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs.
    2. Right click anywhere in the empty space and choose New > Shortcut.
    3. Enter a URL, for instance http://www.microsoft.com, then click Next.
    4. Name the shortcut “TEST URL” and click Finish.
    5. Wait a few seconds and then try to search for it by pressing the Windows key and start typing “test”. It will find nothing which is what one is expecting in this scenario.

    Clicking “My stuff” will show the shortcut, and it is also listed in the root of the start menu under All apps. Also, creating a shortcut the same way but to an EXE instead, using the above steps will return it in the search results instantly.

    Cause

    The Microsoft search and indexing team thinks that returning internet shortcuts placed in the start menu means too much “noise” to the users. My opinion is that whatever is found under Start > All apps would also be returned when just pressing the Windows button and starting to type.

    Workarounds

    Well there are a few workarounds but none are actually appealing nor logical.

    1. GPO Preferences. Yeah you could distribute the Internet shortcuts with GPO Preferences.
    2. Repackage the MSI packages (or by scripting) and point shortcuts to “iexplore.exe http://www.microsoft.com”. This is what Microsoft recommends. Hmm, well is that a good solution? So when the customer wants to switch their standard browser that will this workaround be a good idea? What happened to defining standard programs and URLs open in the browser defined as the standard program? I try to make my customers Windows client environments less complex and more standardized…

    To sum it up, the chances of Microsoft actually fixing this problem is very much zero percent chance as I interpret the communication we had with various Microsoft people in this issue.

  • Smart card removal does not lock the machine in Windows 10 nor previous Windows versions

    Posted on April 14th, 2016 By Andreas Stenhall + No comments

    Anyone who has worked with smart card and Windows clients have probably seen that on rare occasions users can pull their smart card from the smart card reader and the machine will not be locked although it should be locked instantly. As this typically only occur very rarely it is extremely hard to troubleshoot. However, things are coming together with a cause that makes sense and also shed some light on this elusive problem.

    Scenario

    A smart card is enforced to be used to login to machines in Windows 7 or Windows 10. GPO settings declare that when the smart card is removed from the smart card reader, the machine will be locked.

    Problem

    When the user removes the smart card from the smart card reader, the machine is not locked (rarely). Most of the times the machine is locked but occasionally the machine is not locked and the user can continue to work inside Windows with the card in their hands.

    Cause

    The Smart Card Removal Policy service has been restarted and when it restarts, the session to keep control over when the smart card is pulled from the card reader is lost and therefore the machine is not locked. The cause of Smart Card Removal Policy service being restarted is when new Windows patches are released and installed on the machines, specifically many of the latest Cumulative Updates for Windows 10 causes the problem. The issue is more rarely seen in Windows 7, likely due to the changes in updating/patching strategy in Windows 7 vs Windows 10 which differs quite a lot.

    Resolution

    None by Microsoft as this is by design (bad design I might add). A solution is to use a third party smart card tool that provides its own service to lock the machines.

    Additional notes

    The restart of this service does not trigger any events in the Event Viewer so we cannot trigger on anything. By design the machine should be locked whenever the Smart Card Removal Policy service is restarted but that does not happen. Could there be problems with that design? Probably, otherwise I suppose it would work that way already Microsoft!? :)

  • Solution to problems printing PDF files from Microsoft Edge in Windows 10

    Posted on October 4th, 2015 By Andreas Stenhall + No comments

    Just a quick note to myself as well as maybe helping others out. If you open a PDF file in Microsoft Edge (Windows 10 RTM version or latest Insider Build 10547) and try to print the PDF file only one or two pages come out from the printer, over and over again.

    For example if you print a 15 page PDF file, the first page of the PDF file comes out over and over again, or the first two pages over and over again.

    Solution: Open the PDF files using Adobe Reader and print without problems.

  • Do you think moving to IE11 makes you well prepared for Windows 10? You better think again!

    Posted on May 8th, 2015 By Andreas Stenhall + No comments

    One of the things you can and should do before moving to Windows 10 is to deploy Internet Explorer 11 on your existing machines. But if you think that means you are safe in terms of then moving to Microsoft Edge and be running with all the latest and greatest of web standard, you’d better think again. Why?

    Well ever since Internet Explorer 8 the setting “Display intranet sites in Compatibility View” has been enabled. Really what that means is that although you have moved to IE11 the chances are very likely that all your LOB web apps and all intranet based sites have been running in IE7 mode the last 10 years or so, at least after moving to IE8. That’s not very good to be honest.

    The solution to really be future-safe is to make sure to unset that setting to actually run all your sites in IE11 mode. This can of course be done using Group Policies by setting the policy “Turn on the Internet Explorer 7 Standard Mode” policy. However when doing that expect things to break so I strongly advise you do some thorough testing Before deploying that setting to your entire organization.

  • A unique book on managing Windows clients in an enterprise environment

    Posted on April 27th, 2015 By Andreas Stenhall + No comments

    ECM-Cover-200wMost books written about Microsoft products are very focused on one single product. A book about Windows Server covers all you need about the server OS itself. A book about System Center Configuration Manager covers everything you need to know about ConfigMgr in its bubble and a book about a Windows client covers everything you need to know about the client itself.

    The book Enterprise Client Management using Windows Server 2012 R2 and System Center 2012 R2 covers not only the Windows client (Windows 7 as well as 8.1) but how to manage it using Windows Server 2012 R2 and the System Center 2012 R2 products. So all in all a complete scenario on how to manage your Windows clients in the enterprise in a very effective way using Microsoft management tools available.

    The book is now also available on Kindle as of mid April 2015!

  • UE-V and Enterprise Mode in IE11 not working well together

    Posted on March 5th, 2015 By Andreas Stenhall + No comments

    Consider the following scenario: A user has a Windows client running UE-V (User Experience Virtualization) and IE 11 and everything in regards​ to Enterprise Mode in Internet Explorer 11 is working fine. The user then gets a new machine or logs into another machine let it be a client or for instance Remote Desktop session and then Enterprise Mode in IE11 does not work at all. The URL:s defined in the Enterprise Mode XML ruleset file are not applied when the user browse a web application defined for Enterprise Mode.

    The problem is a consequence of UE-V roaming the Enterprise Mode registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Enterprise Mode where it lists CurrentVersion with the current version of the XML file that is being used. So basically that means that Enterprise Mode think it has already applied the current ruleset although it has not.

    Solution / Workaround

    The workaround to prevent this scenario from happening is to exclude that registry key from being roamed. In the MicrosoftInternetExplorer2013.xml file scroll down to <Application> <Name>Internet Explorer 11</Name> and add an additional exclusion to the other exclusions already listed under <Registry>:

    <Exclude>
    <Path>Main\EnterpriseMode</Path>
    </Exclude>

    For users that are already affected by the problem one must delete the registry key mentioned above and make sure that it is not synced back from the IE package in the SettingsPackages location (MicrosoftInternetExplorer.Version11 package).