A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Windows 10 » Windows 10 Help Forum
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Dumb (?) USB Flash drive question



 
 
Thread Tools Rate Thread Display Modes
  #1  
Old July 12th 19, 11:16 PM posted to alt.comp.os.windows-10
lonelydad
external usenet poster
 
Posts: 90
Default Dumb (?) USB Flash drive question

I'll admit I didn't phrase things very well, but there are two distinct
actions going on here.

1. Since Microsoft has seen fit to not yet offer to upgrade my system to
1903, for no reason that I can discern, I am seriously thinking about
upgrading it myself, thus the downloading of the current 1903 version.

2. I just acquired a large USB drive, and want to make it bootable, for
reasons not really connected with #1. Thus the thought to use the Microsoft
manual download process to make the USB drive bootable, rather than just
download the ISO.

My understanding is that if I run startup from the USB drive WITHOUT
booting from it, in other words from a running 1809 Windows system, that I
will be able to perform an upgrade, and not a clean install, which would
happen if I booted from the USB first before running startup from it.
Ads
  #2  
Old July 12th 19, 11:47 PM posted to alt.comp.os.windows-10
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Dumb (?) USB Flash drive question

lonelydad wrote:
I'll admit I didn't phrase things very well, but there are two distinct
actions going on here.

1. Since Microsoft has seen fit to not yet offer to upgrade my system to
1903, for no reason that I can discern, I am seriously thinking about
upgrading it myself, thus the downloading of the current 1903 version.

2. I just acquired a large USB drive, and want to make it bootable, for
reasons not really connected with #1. Thus the thought to use the Microsoft
manual download process to make the USB drive bootable, rather than just
download the ISO.

My understanding is that if I run startup from the USB drive WITHOUT
booting from it, in other words from a running 1809 Windows system, that I
will be able to perform an upgrade, and not a clean install, which would
happen if I booted from the USB first before running startup from it.


Since you seem to want to do an Upgrade of your
existing Win10 OS to 1903, just downloading the ISO
and storing it on C: is sufficient. You don't even
need the 512GB drive to achieve your ends.

Upgrade Install:

1) MediaCreationTool1903.exe
2) Save as Windows.iso (on the C: drive if you want).
3) Right click Windows.iso, select "Mount" from the top of the menu.
4) Run "Setup.exe" from the resulting virtual DVD drive
that appears with a new drive letter.

*******

If you wanted to do a Clean Install, you could have
MediaCreationTool1903 make your 512GB USB drive into
a "bootable USB stick". That's a possibility.

*******

You can also use Macrium, to turn the 512GB drive into
a bootable USB device. That would be WinPE based.

You can also put a backup of C: onto the same partition
as the Macrium component parts. This turns the 512GB drive
into both a boot source, as well as a data source for
doing a restore of C: .

Any more complicated setups are overkill.

Paul


Paul
  #3  
Old July 13th 19, 02:41 AM posted to alt.comp.os.windows-10
VanguardLH[_2_]
external usenet poster
 
Posts: 10,881
Default Dumb (?) USB Flash drive question

Paul wrote:

Since you seem to want to do an Upgrade of your existing Win10 OS to
1903, just downloading the ISO and storing it on C: is sufficient.
You don't even need the 512GB drive to achieve your ends.

Upgrade Install:

1) MediaCreationTool1903.exe
2) Save as Windows.iso (on the C: drive if you want).
3) Right click Windows.iso, select "Mount" from the top of the menu.
4) Run "Setup.exe" from the resulting virtual DVD drive
that appears with a new drive letter.


As an aside (me interjecting an inquiry):

Since I'm considering the similar action (manual install of 1903), does
the update occur entirely within the current Windows session without
requiring a reboot that needs to reread the virtual drive? While the
shutdown and reboot will perform the file replacements, I'm wondering if
the reboot will be configured to resume any remaining setup.
  #4  
Old July 13th 19, 03:05 AM posted to alt.comp.os.windows-10
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Dumb (?) USB Flash drive question

VanguardLH wrote:
Paul wrote:

Since you seem to want to do an Upgrade of your existing Win10 OS to
1903, just downloading the ISO and storing it on C: is sufficient.
You don't even need the 512GB drive to achieve your ends.

Upgrade Install:

1) MediaCreationTool1903.exe
2) Save as Windows.iso (on the C: drive if you want).
3) Right click Windows.iso, select "Mount" from the top of the menu.
4) Run "Setup.exe" from the resulting virtual DVD drive
that appears with a new drive letter.


As an aside (me interjecting an inquiry):

Since I'm considering the similar action (manual install of 1903), does
the update occur entirely within the current Windows session without
requiring a reboot that needs to reread the virtual drive? While the
shutdown and reboot will perform the file replacements, I'm wondering if
the reboot will be configured to resume any remaining setup.


Everything required for the install is copied during
the "file copy" phase before the first reboot.

When the reboot happens, if you have Windows.iso mounted,
the reboot dismounts it, and it is not necessary to
remount the ISO either. The second and subsequent sessions
work with the file set on the C: drive (Windows and Windows.old).

If you were using a physical DVD for this, you could remove
the DVD during the first reboot cycle (press the popup boot
key to stall things, remove the DVD, select the drive where
the install is happening, to continue).

It's possible some of the copied materials are in Windows.~BT
or Windows.~WS type folders in the root of C: . One of the
logs goes into a place like that, so perhaps that's where
some of the materials are staged. The word "Panther" is
associated with the staging area, as a hint.

Paul
  #5  
Old July 13th 19, 03:48 AM posted to alt.comp.os.windows-10
lonelydad
external usenet poster
 
Posts: 90
Default Dumb (?) USB Flash drive question

VanguardLH wrote in :


As an aside (me interjecting an inquiry):

Since I'm considering the similar action (manual install of 1903), does
the update occur entirely within the current Windows session without
requiring a reboot that needs to reread the virtual drive? While the
shutdown and reboot will perform the file replacements, I'm wondering if
the reboot will be configured to resume any remaining setup.


If you are doing an install-either type-from an ISO, the process will load
all the files it determines it needs to your hard drive before the first
reboot. After that the ISO is not needed any more. The upgrade will just
proceed like all the others have - one or more reboots as needed until the
upgrade finishes.
  #6  
Old July 13th 19, 04:09 AM posted to alt.comp.os.windows-10
VanguardLH[_2_]
external usenet poster
 
Posts: 10,881
Default Dumb (?) USB Flash drive question

lonelydad wrote:

I'll admit I didn't phrase things very well, but there are two distinct
actions going on here.

1. Since Microsoft has seen fit to not yet offer to upgrade my system to
1903, for no reason that I can discern, I am seriously thinking about
upgrading it myself, thus the downloading of the current 1903 version.

2. I just acquired a large USB drive, and want to make it bootable, for
reasons not really connected with #1. Thus the thought to use the Microsoft
manual download process to make the USB drive bootable, rather than just
download the ISO.

My understanding is that if I run startup from the USB drive WITHOUT
booting from it, in other words from a running 1809 Windows system, that I
will be able to perform an upgrade, and not a clean install, which would
happen if I booted from the USB first before running startup from it.


While I've been curious about doing a manual update to 1903, and Paul's
suggestions sounds doable (put the .iso on your drive and mount it to
run the setup program), I'm still leery of the update.

https://www.groovypost.com/howto/man...19-update-now/
"... nothing included in the version is ´vital¡ for the average users."

That was pretty much my diagnosis when I previously looked at what
changes would result of updating to 1903.

https://docs.microsoft.com/en-us/win...0-version-1903

The new minimum disk space requirement is, I believe, 32GB which is
pretty low nowadays. Doesn't apply to updating an existing Windows 10,
but looks to cut out older computers.

"Windows 10 Subscription ... for Education versions"
Doesn't apply to most folks here, including me, but does to those that
got their Win10 as a license from their school. Frankly, I'm not sure
the forced subscription added to the Education edition is a plus for
those users. I've been battling with various methods to disable Windows
Update (the old ways of disabling services isn't sufficient as Microsoft
added 2 sets of scheduled events to reactivate the service that I have
to disable, and perhaps even more afterward).

SetupDiag
Diagnosis why an update failed. Maybe it is helpful. I gave up on
those help wizards long ago. They were never helpful (to me).

Reserved Storage
Only applicable to those doing a fresh install. Not applicable to those
updating to 1903.

Delivery Optimization
One of the first tweaks that I disabled. I want updates coming solely
from Microsoft, not from elsewhere (albeit signed).

Automatic Restart Sign-on
This is to assist their update to complete successfully (by logging into
the same Windows account that initiated the update instead of letting
someone else log into a different account which would not complete the
update under that account).

Windows Update for Business
Not sure this applies to Home edition users, like me, which is the
majority of users.

Update rollback improvements
They might've improved the rollback to be more accurate or complete;
however, I rely on image backups to get me back to a prior state. Those
have always been reliable.

Pause updates
The pause interval can be extended for a month, but you'll still end up
getting forced to do the update. Taking away control from users in
managing the state of Windows 10 remains Microsoft's goal.

Improved update notifications
Seems oriented to covert updates that would normally not mention
anything until you shutdown. Wonder how many users will realize a red
dot on the Start button means update installation is pending. I bet
we'll see lots of users asking "What's the red dot mean?"

Intelligent active hours
Current the limit is 18 hours. You could not set active hours to span
more than 18 hours. This sucked because, one, it still forced the
update and, two, my active hours are all over the place. I might leave
the computer to remain idle for 4, or more, hours at 10 PM, 2 AM, or 7
PM. I'm goal oriented, not schedule oriented, so I work when there's
work to get done, not because the clock says it's quitting time. No
mention that users get more than an 18-hour span for active hours.

Windows Information Protection
Supposedly automatic discovery of your personal information contained
within files. Not really automatic. You have to enter a bunch of
filters of what data to find. Users presume such personal information
is not transmitted to Microsoft; however, since Windows has its sync
feature to keep the config consistent across multiple devices, seems
that sensitive information would get saved on their servers. Applicable
only to users of Defender. Not applicable to users of 3rd party
anti-virus/malware software that may have a similar feature.

Security configuration framework
These are preset security configs versus you having to work out all the
tweaks (and policies which Home users can't define except by registry
edits and only for those policies that do not include a system generated
hash to protect them from malicious alteration or corruption).

Security baseline
Microsoft altered the default or baseline of security tweaks. More
policies were added (which Home users don't care about and cannot
implement anyway except via registry edits). Microsoft has yet to
unroll (or not roll into, in the first place) multiple services under
the svchost.exe process meaning you cannot regulate, for example, which
service has access to which protected folders (a feature of Defender).
They did improve that only Microsoft-signed services can be rolled into
svchost.exe and dynamically-generated code is disallowed. But your
choice will still be to grant all Microsoft services access to a
protected folder to deny all; i.e., your choice will be trust all
Microsoft-signed services or none of them. They will also drop
password-expiration policies that require periodic password changes. No
mention to where this applies. For example, clients that use OAUTH2
tokens will have them expire, and the user may get prompt to re-login or
that sync will fail until a re-login. OneNote users (the Office 365
component, but sometimes with the OneNote for Windows 10 UWP/WinRT app)
have long suffered expiration of OAUTH2 tokens, so their notebooks cease
to sync until they re-login (which creates new OAUTH2 token). If all it
does is apply to Windows account password expiration, that was stupid
from the get-go since it never improved on the robustness of the next
password the user was forced to change to. The only time it was
effective was to compensate for lazy sysadmins who didn't update account
status in their domain for an employee that left (fired, quit, died) by
preventing the account's reuse by someone else after the password
expired, but that still left a window of opportunity as wide as was long
the password expiration.

Intune security baselines
Does anyone here care about or use Microsoft's Azure services? Don't
know why this they list this as a new feature since it was introduced
back in the 1809 update.

Defender
Some nice-sounding enhancements: cloud analysis (on new/suspect files),
always-on scanning (it didn't have on-demand aka real-time scanning
before? ... so, what, it monitored for file change events before?),
dedicated protection updates (with a bunch of gobblety-gook that doesn't
explain the change nor does the article to which they point), and
migrating some of the improvements back to Defender back on Win7 & 8 (so
now, perhaps, Win7 Defender won't be just an anti-spyware tool but also
anti-virus/malware). Adds geolocation support, so now they'll know from
where those samples come from (more tracking but useful when tracking
outbreaks to help focus on source).

Windows Sandbox
This was the only new feature that lures me to the 1903 update. See:

https://techcommunity.microsoft.com/...ox/ba-p/301849

However, the balloon quickly popped: the sandbox is available only for
Pro and Enterprise editions of Windows 10. The vast majority of use
Home edition users don't get it. As a Home user, you'll still have to
rely on 3rd party software.

Windows Defender Application Guard (WDAG)
Runs as an extension to Google Chrome and Mozilla Firefox. Don't know
if the extension is equally compatible with the variants of those web
browsers. This moves (well, not really) Edge's browser isolation to
Chrome and Firefox. "This extension will redirect untrusted navigations
to the WDAG Edge browser." Oh, so Microsoft is really just trying to
push users at their Edge web browser again (which now uses Google's
Blink rendering engine instead of EdgeHTML that Microsoft abandoned).
No thanks, I'll stick with Chrome and Firefox to render and secure the
web sites that I visit. Something else to *un*tweak in Win10; however,
looks like this isn't forced by the 1903 update, and the user has to go
through some machinations to use it.

Windows Defender Application Control (WDAC)
More stuff about policies. Don't know why they mention Path-Based rules
(aka Software Restriction Policies aka SRPs) since those have been
available since Windows XP. They only regulate if an executable can
load based on its path. While useful to keep rude software from
loading, it is not effective against malware that can still rename the
original file or delete it and put a malicious file in the same path by
the same name. Path SRPs do not use hashes or signing to ensure what
was allowed before is still the same and unaltered file later.

System Guard (new SMM Firmware Measurement feature)
Only applicable on new hardware that no one yet has, but is supposed to
come soon. However, for those who already have hardware, nothing they
change other than the motherboard will make use of this new feature.
Might be something you consider if you do your own builds and make a new
build a few years from now.

Identity Protection
Using PINs instead of passwords was a very stupid idea. PINs are less
robust than password (even weak passwords). You can use the option when
creating or changing your PIN to allow alphanumeric characters, so you
can have a PIN that looks just like a password, but you don't need the
1903 update for that.

Security Management
Defender has a long history of not defending itself as well as 3rd party
anti-virus/malware software. They added some more self-protection.

Microsoft Edge
Only of importance if you use Edge which is still under a meager 5% of
the marketshare for web browsers. This is where Microsoft dumps their
EdgeHTML rendering engine and moves to using Google's Blink engine.

https://netmarketshare.com/browser-m...%22-1000%22%7D

Microsoft keeps plugging at their web browser hoping one day they'll
come up with a magic elixir of functionality and features that has users
moving in droves to Edge, a pie-in-the-sky dream.


All in all, not much lure to the 1903 update. I was interested in the
Sandbox feature but only Pro and Enterprise edition users get that.
  #7  
Old July 13th 19, 04:57 AM posted to alt.comp.os.windows-10
Paul[_32_]
external usenet poster
 
Posts: 11,873
Default Dumb (?) USB Flash drive question

VanguardLH wrote:


All in all, not much lure to the 1903 update. I was interested in the
Sandbox feature but only Pro and Enterprise edition users get that.


You are likely to need SLAT/EPT support in hardware
for that Sandbox as well. Just a guess.

That hardware feature is more common in 2019 than it
was four years ago.

I have just one computer with SLAT. I could test
that, but have no plan to try it. I'm not a big
fan of sandbox this and sandbox that. Usually these
things affect how the program works, and restrict
how you can get work done.

The worry about "Russian dolls" technologies,
is how do you debug them when there is a problem ?
Process Monitor probably cannot trace the execution
of something which is inside a sandbox.

Paul

  #8  
Old July 13th 19, 07:05 AM posted to alt.comp.os.windows-10
VanguardLH[_2_]
external usenet poster
 
Posts: 10,881
Default Dumb (?) USB Flash drive question

Paul wrote:

VanguardLH wrote:


All in all, not much lure to the 1903 update. I was interested in the
Sandbox feature but only Pro and Enterprise edition users get that.


You are likely to need SLAT/EPT support in hardware for that Sandbox
as well. Just a guess.

That hardware feature is more common in 2019 than it was four years
ago.


The only BIOS requirement that I saw was the hardware-assisted
virtualization. Boxes have had that for quite awhile now. To check,
run systeminfo.exe and look at the "Hyper-V Requirements" section. Mine
are all marked Yes.

I've seen SLAT described since 2014, maybe earlier, so it seems
something that would be available in newer boxes. While my builds are
geared to 6-8 year survival period, most users replace them a lot
sooner, like after 4 years. Since 2014, most users even interested in
virtual machines, sandboxes, or virtualized drives would have already
replaced their desktop PCs. I had an Intel Core Duo for 8 years and
just recently replaced it with an Intel i7-8000 (non-T, so not over-
clockable which I don't do, anyway).

While possible, I didn't see the 1903 sandbox stating a requirement for
AMD's SLAT (or Intel's EPT), just for hardware-assisted virtualization
(which SLAT is usually included as part of that feature). SLAT showed
up in AMD's 3rd generation Opteron introduced in September 2007 and in
Intel's i3/i5/i7 Nehalem in November 2008. The CPUs had SLAT for over
10 years. Yes, it would take time for pre-built models to show up with
those CPUs, but I doubt it took more than a couple years.

I have just one computer with SLAT. I could test
that, but have no plan to try it. I'm not a big
fan of sandbox this and sandbox that. Usually these
things affect how the program works, and restrict
how you can get work done.


Although they call it a sandbox, it is far more like a virtual drive,
similar to how Returnil System Safe, Timewiz Time Machine, and other
virtual drive schemes (changes to the drive go to the virtual drive, a
reboot discards the virtual drive, so all those changes vaporize). Not
everyone wants the overhead, slowness of emulating all hardware (except
the CPU), using pass-through drivers, and the more complicated config of
using virtual machines, and why virtualized drives are a much lighter
solution. Some virtualing drive schemes allow for snapshots, but not
the one from Microsoft. Most virtualizing drive schemes require a
reboot to discard the virtual drive and all the drive changes (which
included registry changes since those are kept in files) that got
redirected to it. Looks like all you have to do with Microsoft's
"sandbox" is close it. As with virtual drive and virtual machine
schemes, the user must get involved in loading the virtual drive/machine
and later closing it or rebooting the OS. It isn't automatic as with
some sandboxes (e.g., Sandboxie or Comodo's Firewall Defense+ sandbox)
where you can list which processes get automatically sandboxed.

https://www.howtogeek.com/399153/win...always-wanted/

The worry about "Russian dolls" technologies, is how do you debug them
when there is a problem ? Process Monitor probably cannot trace the
execution of something which is inside a sandbox.


Why wouldn't you run Process Monitor inside the sandbox just like you
would with a virtualized drive or virtual machine? Back when I got
curious about Sandboxie, yep, you had to run multiple programs within
the same sandbox to ensure they cooperated within that environment. I
would expect that a process outside of the sandbox or virtual machine
couldn't look inside the sandbox or virtual machine, just like the
opposite isn't allowed which is what provides the security of isolation.

By the way, I have found articles that describe how to get the 1903
sandbox feature installed and usable inside the Home edition of Win10.
However, at this point, there's very little "pull" in the 1903 update
for me to bother with it. It's in my To Do list but with low priority.
 




Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off






All times are GMT +1. The time now is 10:47 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.