If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
Dumb (?) USB Flash drive question
I'll admit I didn't phrase things very well, but there are two distinct
actions going on here. 1. Since Microsoft has seen fit to not yet offer to upgrade my system to 1903, for no reason that I can discern, I am seriously thinking about upgrading it myself, thus the downloading of the current 1903 version. 2. I just acquired a large USB drive, and want to make it bootable, for reasons not really connected with #1. Thus the thought to use the Microsoft manual download process to make the USB drive bootable, rather than just download the ISO. My understanding is that if I run startup from the USB drive WITHOUT booting from it, in other words from a running 1809 Windows system, that I will be able to perform an upgrade, and not a clean install, which would happen if I booted from the USB first before running startup from it. |
Ads |
#2
|
|||
|
|||
Dumb (?) USB Flash drive question
lonelydad wrote:
I'll admit I didn't phrase things very well, but there are two distinct actions going on here. 1. Since Microsoft has seen fit to not yet offer to upgrade my system to 1903, for no reason that I can discern, I am seriously thinking about upgrading it myself, thus the downloading of the current 1903 version. 2. I just acquired a large USB drive, and want to make it bootable, for reasons not really connected with #1. Thus the thought to use the Microsoft manual download process to make the USB drive bootable, rather than just download the ISO. My understanding is that if I run startup from the USB drive WITHOUT booting from it, in other words from a running 1809 Windows system, that I will be able to perform an upgrade, and not a clean install, which would happen if I booted from the USB first before running startup from it. Since you seem to want to do an Upgrade of your existing Win10 OS to 1903, just downloading the ISO and storing it on C: is sufficient. You don't even need the 512GB drive to achieve your ends. Upgrade Install: 1) MediaCreationTool1903.exe 2) Save as Windows.iso (on the C: drive if you want). 3) Right click Windows.iso, select "Mount" from the top of the menu. 4) Run "Setup.exe" from the resulting virtual DVD drive that appears with a new drive letter. ******* If you wanted to do a Clean Install, you could have MediaCreationTool1903 make your 512GB USB drive into a "bootable USB stick". That's a possibility. ******* You can also use Macrium, to turn the 512GB drive into a bootable USB device. That would be WinPE based. You can also put a backup of C: onto the same partition as the Macrium component parts. This turns the 512GB drive into both a boot source, as well as a data source for doing a restore of C: . Any more complicated setups are overkill. Paul Paul |
#3
|
|||
|
|||
Dumb (?) USB Flash drive question
Paul wrote:
Since you seem to want to do an Upgrade of your existing Win10 OS to 1903, just downloading the ISO and storing it on C: is sufficient. You don't even need the 512GB drive to achieve your ends. Upgrade Install: 1) MediaCreationTool1903.exe 2) Save as Windows.iso (on the C: drive if you want). 3) Right click Windows.iso, select "Mount" from the top of the menu. 4) Run "Setup.exe" from the resulting virtual DVD drive that appears with a new drive letter. As an aside (me interjecting an inquiry): Since I'm considering the similar action (manual install of 1903), does the update occur entirely within the current Windows session without requiring a reboot that needs to reread the virtual drive? While the shutdown and reboot will perform the file replacements, I'm wondering if the reboot will be configured to resume any remaining setup. |
#4
|
|||
|
|||
Dumb (?) USB Flash drive question
VanguardLH wrote:
Paul wrote: Since you seem to want to do an Upgrade of your existing Win10 OS to 1903, just downloading the ISO and storing it on C: is sufficient. You don't even need the 512GB drive to achieve your ends. Upgrade Install: 1) MediaCreationTool1903.exe 2) Save as Windows.iso (on the C: drive if you want). 3) Right click Windows.iso, select "Mount" from the top of the menu. 4) Run "Setup.exe" from the resulting virtual DVD drive that appears with a new drive letter. As an aside (me interjecting an inquiry): Since I'm considering the similar action (manual install of 1903), does the update occur entirely within the current Windows session without requiring a reboot that needs to reread the virtual drive? While the shutdown and reboot will perform the file replacements, I'm wondering if the reboot will be configured to resume any remaining setup. Everything required for the install is copied during the "file copy" phase before the first reboot. When the reboot happens, if you have Windows.iso mounted, the reboot dismounts it, and it is not necessary to remount the ISO either. The second and subsequent sessions work with the file set on the C: drive (Windows and Windows.old). If you were using a physical DVD for this, you could remove the DVD during the first reboot cycle (press the popup boot key to stall things, remove the DVD, select the drive where the install is happening, to continue). It's possible some of the copied materials are in Windows.~BT or Windows.~WS type folders in the root of C: . One of the logs goes into a place like that, so perhaps that's where some of the materials are staged. The word "Panther" is associated with the staging area, as a hint. Paul |
#5
|
|||
|
|||
Dumb (?) USB Flash drive question
VanguardLH wrote in :
As an aside (me interjecting an inquiry): Since I'm considering the similar action (manual install of 1903), does the update occur entirely within the current Windows session without requiring a reboot that needs to reread the virtual drive? While the shutdown and reboot will perform the file replacements, I'm wondering if the reboot will be configured to resume any remaining setup. If you are doing an install-either type-from an ISO, the process will load all the files it determines it needs to your hard drive before the first reboot. After that the ISO is not needed any more. The upgrade will just proceed like all the others have - one or more reboots as needed until the upgrade finishes. |
#6
|
|||
|
|||
Dumb (?) USB Flash drive question
lonelydad wrote:
I'll admit I didn't phrase things very well, but there are two distinct actions going on here. 1. Since Microsoft has seen fit to not yet offer to upgrade my system to 1903, for no reason that I can discern, I am seriously thinking about upgrading it myself, thus the downloading of the current 1903 version. 2. I just acquired a large USB drive, and want to make it bootable, for reasons not really connected with #1. Thus the thought to use the Microsoft manual download process to make the USB drive bootable, rather than just download the ISO. My understanding is that if I run startup from the USB drive WITHOUT booting from it, in other words from a running 1809 Windows system, that I will be able to perform an upgrade, and not a clean install, which would happen if I booted from the USB first before running startup from it. While I've been curious about doing a manual update to 1903, and Paul's suggestions sounds doable (put the .iso on your drive and mount it to run the setup program), I'm still leery of the update. https://www.groovypost.com/howto/man...19-update-now/ "... nothing included in the version is ´vital¡ for the average users." That was pretty much my diagnosis when I previously looked at what changes would result of updating to 1903. https://docs.microsoft.com/en-us/win...0-version-1903 The new minimum disk space requirement is, I believe, 32GB which is pretty low nowadays. Doesn't apply to updating an existing Windows 10, but looks to cut out older computers. "Windows 10 Subscription ... for Education versions" Doesn't apply to most folks here, including me, but does to those that got their Win10 as a license from their school. Frankly, I'm not sure the forced subscription added to the Education edition is a plus for those users. I've been battling with various methods to disable Windows Update (the old ways of disabling services isn't sufficient as Microsoft added 2 sets of scheduled events to reactivate the service that I have to disable, and perhaps even more afterward). SetupDiag Diagnosis why an update failed. Maybe it is helpful. I gave up on those help wizards long ago. They were never helpful (to me). Reserved Storage Only applicable to those doing a fresh install. Not applicable to those updating to 1903. Delivery Optimization One of the first tweaks that I disabled. I want updates coming solely from Microsoft, not from elsewhere (albeit signed). Automatic Restart Sign-on This is to assist their update to complete successfully (by logging into the same Windows account that initiated the update instead of letting someone else log into a different account which would not complete the update under that account). Windows Update for Business Not sure this applies to Home edition users, like me, which is the majority of users. Update rollback improvements They might've improved the rollback to be more accurate or complete; however, I rely on image backups to get me back to a prior state. Those have always been reliable. Pause updates The pause interval can be extended for a month, but you'll still end up getting forced to do the update. Taking away control from users in managing the state of Windows 10 remains Microsoft's goal. Improved update notifications Seems oriented to covert updates that would normally not mention anything until you shutdown. Wonder how many users will realize a red dot on the Start button means update installation is pending. I bet we'll see lots of users asking "What's the red dot mean?" Intelligent active hours Current the limit is 18 hours. You could not set active hours to span more than 18 hours. This sucked because, one, it still forced the update and, two, my active hours are all over the place. I might leave the computer to remain idle for 4, or more, hours at 10 PM, 2 AM, or 7 PM. I'm goal oriented, not schedule oriented, so I work when there's work to get done, not because the clock says it's quitting time. No mention that users get more than an 18-hour span for active hours. Windows Information Protection Supposedly automatic discovery of your personal information contained within files. Not really automatic. You have to enter a bunch of filters of what data to find. Users presume such personal information is not transmitted to Microsoft; however, since Windows has its sync feature to keep the config consistent across multiple devices, seems that sensitive information would get saved on their servers. Applicable only to users of Defender. Not applicable to users of 3rd party anti-virus/malware software that may have a similar feature. Security configuration framework These are preset security configs versus you having to work out all the tweaks (and policies which Home users can't define except by registry edits and only for those policies that do not include a system generated hash to protect them from malicious alteration or corruption). Security baseline Microsoft altered the default or baseline of security tweaks. More policies were added (which Home users don't care about and cannot implement anyway except via registry edits). Microsoft has yet to unroll (or not roll into, in the first place) multiple services under the svchost.exe process meaning you cannot regulate, for example, which service has access to which protected folders (a feature of Defender). They did improve that only Microsoft-signed services can be rolled into svchost.exe and dynamically-generated code is disallowed. But your choice will still be to grant all Microsoft services access to a protected folder to deny all; i.e., your choice will be trust all Microsoft-signed services or none of them. They will also drop password-expiration policies that require periodic password changes. No mention to where this applies. For example, clients that use OAUTH2 tokens will have them expire, and the user may get prompt to re-login or that sync will fail until a re-login. OneNote users (the Office 365 component, but sometimes with the OneNote for Windows 10 UWP/WinRT app) have long suffered expiration of OAUTH2 tokens, so their notebooks cease to sync until they re-login (which creates new OAUTH2 token). If all it does is apply to Windows account password expiration, that was stupid from the get-go since it never improved on the robustness of the next password the user was forced to change to. The only time it was effective was to compensate for lazy sysadmins who didn't update account status in their domain for an employee that left (fired, quit, died) by preventing the account's reuse by someone else after the password expired, but that still left a window of opportunity as wide as was long the password expiration. Intune security baselines Does anyone here care about or use Microsoft's Azure services? Don't know why this they list this as a new feature since it was introduced back in the 1809 update. Defender Some nice-sounding enhancements: cloud analysis (on new/suspect files), always-on scanning (it didn't have on-demand aka real-time scanning before? ... so, what, it monitored for file change events before?), dedicated protection updates (with a bunch of gobblety-gook that doesn't explain the change nor does the article to which they point), and migrating some of the improvements back to Defender back on Win7 & 8 (so now, perhaps, Win7 Defender won't be just an anti-spyware tool but also anti-virus/malware). Adds geolocation support, so now they'll know from where those samples come from (more tracking but useful when tracking outbreaks to help focus on source). Windows Sandbox This was the only new feature that lures me to the 1903 update. See: https://techcommunity.microsoft.com/...ox/ba-p/301849 However, the balloon quickly popped: the sandbox is available only for Pro and Enterprise editions of Windows 10. The vast majority of use Home edition users don't get it. As a Home user, you'll still have to rely on 3rd party software. Windows Defender Application Guard (WDAG) Runs as an extension to Google Chrome and Mozilla Firefox. Don't know if the extension is equally compatible with the variants of those web browsers. This moves (well, not really) Edge's browser isolation to Chrome and Firefox. "This extension will redirect untrusted navigations to the WDAG Edge browser." Oh, so Microsoft is really just trying to push users at their Edge web browser again (which now uses Google's Blink rendering engine instead of EdgeHTML that Microsoft abandoned). No thanks, I'll stick with Chrome and Firefox to render and secure the web sites that I visit. Something else to *un*tweak in Win10; however, looks like this isn't forced by the 1903 update, and the user has to go through some machinations to use it. Windows Defender Application Control (WDAC) More stuff about policies. Don't know why they mention Path-Based rules (aka Software Restriction Policies aka SRPs) since those have been available since Windows XP. They only regulate if an executable can load based on its path. While useful to keep rude software from loading, it is not effective against malware that can still rename the original file or delete it and put a malicious file in the same path by the same name. Path SRPs do not use hashes or signing to ensure what was allowed before is still the same and unaltered file later. System Guard (new SMM Firmware Measurement feature) Only applicable on new hardware that no one yet has, but is supposed to come soon. However, for those who already have hardware, nothing they change other than the motherboard will make use of this new feature. Might be something you consider if you do your own builds and make a new build a few years from now. Identity Protection Using PINs instead of passwords was a very stupid idea. PINs are less robust than password (even weak passwords). You can use the option when creating or changing your PIN to allow alphanumeric characters, so you can have a PIN that looks just like a password, but you don't need the 1903 update for that. Security Management Defender has a long history of not defending itself as well as 3rd party anti-virus/malware software. They added some more self-protection. Microsoft Edge Only of importance if you use Edge which is still under a meager 5% of the marketshare for web browsers. This is where Microsoft dumps their EdgeHTML rendering engine and moves to using Google's Blink engine. https://netmarketshare.com/browser-m...%22-1000%22%7D Microsoft keeps plugging at their web browser hoping one day they'll come up with a magic elixir of functionality and features that has users moving in droves to Edge, a pie-in-the-sky dream. All in all, not much lure to the 1903 update. I was interested in the Sandbox feature but only Pro and Enterprise edition users get that. |
#7
|
|||
|
|||
Dumb (?) USB Flash drive question
VanguardLH wrote:
All in all, not much lure to the 1903 update. I was interested in the Sandbox feature but only Pro and Enterprise edition users get that. You are likely to need SLAT/EPT support in hardware for that Sandbox as well. Just a guess. That hardware feature is more common in 2019 than it was four years ago. I have just one computer with SLAT. I could test that, but have no plan to try it. I'm not a big fan of sandbox this and sandbox that. Usually these things affect how the program works, and restrict how you can get work done. The worry about "Russian dolls" technologies, is how do you debug them when there is a problem ? Process Monitor probably cannot trace the execution of something which is inside a sandbox. Paul |
#8
|
|||
|
|||
Dumb (?) USB Flash drive question
Paul wrote:
VanguardLH wrote: All in all, not much lure to the 1903 update. I was interested in the Sandbox feature but only Pro and Enterprise edition users get that. You are likely to need SLAT/EPT support in hardware for that Sandbox as well. Just a guess. That hardware feature is more common in 2019 than it was four years ago. The only BIOS requirement that I saw was the hardware-assisted virtualization. Boxes have had that for quite awhile now. To check, run systeminfo.exe and look at the "Hyper-V Requirements" section. Mine are all marked Yes. I've seen SLAT described since 2014, maybe earlier, so it seems something that would be available in newer boxes. While my builds are geared to 6-8 year survival period, most users replace them a lot sooner, like after 4 years. Since 2014, most users even interested in virtual machines, sandboxes, or virtualized drives would have already replaced their desktop PCs. I had an Intel Core Duo for 8 years and just recently replaced it with an Intel i7-8000 (non-T, so not over- clockable which I don't do, anyway). While possible, I didn't see the 1903 sandbox stating a requirement for AMD's SLAT (or Intel's EPT), just for hardware-assisted virtualization (which SLAT is usually included as part of that feature). SLAT showed up in AMD's 3rd generation Opteron introduced in September 2007 and in Intel's i3/i5/i7 Nehalem in November 2008. The CPUs had SLAT for over 10 years. Yes, it would take time for pre-built models to show up with those CPUs, but I doubt it took more than a couple years. I have just one computer with SLAT. I could test that, but have no plan to try it. I'm not a big fan of sandbox this and sandbox that. Usually these things affect how the program works, and restrict how you can get work done. Although they call it a sandbox, it is far more like a virtual drive, similar to how Returnil System Safe, Timewiz Time Machine, and other virtual drive schemes (changes to the drive go to the virtual drive, a reboot discards the virtual drive, so all those changes vaporize). Not everyone wants the overhead, slowness of emulating all hardware (except the CPU), using pass-through drivers, and the more complicated config of using virtual machines, and why virtualized drives are a much lighter solution. Some virtualing drive schemes allow for snapshots, but not the one from Microsoft. Most virtualizing drive schemes require a reboot to discard the virtual drive and all the drive changes (which included registry changes since those are kept in files) that got redirected to it. Looks like all you have to do with Microsoft's "sandbox" is close it. As with virtual drive and virtual machine schemes, the user must get involved in loading the virtual drive/machine and later closing it or rebooting the OS. It isn't automatic as with some sandboxes (e.g., Sandboxie or Comodo's Firewall Defense+ sandbox) where you can list which processes get automatically sandboxed. https://www.howtogeek.com/399153/win...always-wanted/ The worry about "Russian dolls" technologies, is how do you debug them when there is a problem ? Process Monitor probably cannot trace the execution of something which is inside a sandbox. Why wouldn't you run Process Monitor inside the sandbox just like you would with a virtualized drive or virtual machine? Back when I got curious about Sandboxie, yep, you had to run multiple programs within the same sandbox to ensure they cooperated within that environment. I would expect that a process outside of the sandbox or virtual machine couldn't look inside the sandbox or virtual machine, just like the opposite isn't allowed which is what provides the security of isolation. By the way, I have found articles that describe how to get the 1903 sandbox feature installed and usable inside the Home edition of Win10. However, at this point, there's very little "pull" in the 1903 update for me to bother with it. It's in my To Do list but with low priority. |
#9
|
|||
|
|||
Dumb (?) USB Flash drive question
|
Thread Tools | |
Display Modes | Rate This Thread |
|
|