Microsoft releases Windows 10 updates KB4541329, KB4541330, KB4541331 and KB4541333

Microsoft released so-called C-D Week updates for older versions of the company’s operating system Windows 10 on March 17, 2020. The updates KB4541329, KB4541330, KB4541331 and KB4541333  are considered preview updates and fix issues only in these Windows versions.

The updates are for the following versions of Windows 10 and Windows Server:

  • KB4541329 for Windows 10 version 1607 and Windows Server 2016
  • KB4541330 for Windows 10 version 1709
  • KB4541331 for Windows 10 version 1809 and Windows Server version 1809 and Windows Server 2019
  • KB4541333 for Windows 10 version 1803

Most of the improvements and fixes apply to Server and Enterprise environments only. Home users may want to skip the updates for now and wait for the inclusion on the next Patch Tuesday.

Windows 10 updates KB4541329, KB4541330, KB4541331 and KB4541333

Windows 10 version 1607 and Windows Server 2016

Update Catalog link: http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4541329

The update includes the following improvements and fixes:

  • Fixed an issue that might cause domain controllers (DC) to register a lowercase and a mixed or all uppercase Domain Name System (DNS) service (SRV) record in the _MSDCS. DNS zone.
  • Fixed a Credential Guard issue that prevented machines from joining a domain.
  • Fixed a session host issue when running an application in RemoteApp that caused application windows to flicker and DWM.exe to stop working.
  • Fixed an issue with evaluating the compatibility status of the Windows ecosystem.
  • Fixed an issue that prevented Microsoft User Experience Virtualization settings from roaming.
  • Fixed a high CPU usage issue on Active Directory Federation Services.

Microsoft lists one known issue:

After installing KB4467684, the cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with greater than 14 characters.

Windows 10 version 1709

Update Catalog link: http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4541330

The update includes the following improvements and fixes:

  • Fixed a File Explorer issue that could cause it to close unexpectedly when using roaming profiles.
  • Fixed a delayed sign-in issue when signing in or unlocking a session on Hybrid Azure Directory joined-machines.
  • Fixed a Credential Guard issue that prevented machines from joining a domain.
  • Fixed an issue with evaluating the compatibility status of the Windows ecosystem.
  • Fixed an issue that prevented Microsoft User Experience Virtualization settings from roaming.
  • Fixed an issue that prevented machines from Microsoft Defender ATP Threat & Vulnerability Management.

Microsoft lists no known issues.

Windows 10 version 1803

Update Catalog link: http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4541333

The update includes the following improvements and fixes:

  • Fixed an issue that caused an error when printing a document repository.
  • Fixed a Bluetooth issue that caused a KERNEL_SECURITY_CHECK_FAILURE (139) stop error when waking up from Sleep.
  • Fixed a delayed sign-in issue when signing in or unlocking a session on Hybrid Azure Directory joined-machines.
  • Fixed an Azure Active Directory authentication issue.
  • Fixed a Credential Guard issue that prevented machines from joining a domain.
  • Fixed an issue with evaluating the compatibility status of the Windows ecosystem.
  • Fixed an issue that prevented Microsoft User Experience Virtualization settings from roaming.
  • Fixed an issue that prevented machines from Microsoft Defender ATP Threat & Vulnerability Management.
  • Fixed an issue that prevented machines from going into Sleep Mode automatically because of Microsoft Defender Advanced Threat Protection (ATP) Auto Incident Response (IR).
  • Improved support for non-ASCII file paths for Microsoft Defender ATP Auto IR.

Microsoft lists no known issues.

Windows 10 version 1809 and Windows Server version 1809 and Windows Server 2019

Update Catalog link: http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4541331

The update includes the following improvements and fixes:

  • Fixed an issue that caused an error when printing a document repository.
  • Fixed a Microsoft Foundation Class toolbar issue that occurred when dragging it in multi-monitor environments.
  • Fixed a sign-in issue that prevented the touch keyboard from appearing.
  • Fixed an issue on server devices that caused new child windows to flicker and appear as white squares.
  • Fixed a File Explorer issue that displayed incorrect folder properties if the path was longer than the maximum path.
  • Fixed a Samoa time zone issue that caused calendar dates to appear on the wrong day of the week.
  • Addressed an issue with reading logs using the OpenEventLogA() function.
  • Fixed a Credential Guard issue that prevented machines from joining a domain.
  • Fixed a delayed sign-in issue when signing in or unlocking a session on Hybrid Azure Directory joined-machines.
  • Fixed an Azure Active Directory authentication issue that occurred when the user’s security identifier has changed.
  • Fixed an issue that might cause domain controllers (DC) to register a lowercase and a mixed or all uppercase Domain Name System (DNS) service (SRV) record in the _MSDCS. DNS zone.
  • Fixed an Azure Active Directory authentication issue.
  • Fixed a high CPU utilization issue when retrieving session objects.
  • Addressed high latency in Active Directory Federation Services response times for globally distributed data centers.
  • Addressed a high latency issue in acquiring OAuth tokens.
  • Fixed an issue to prevent SAML errors and the loss of access to third-party apps for users who don’t use multi-factor authentication.
  • Fixed an issue with evaluating the compatibility status of the Windows ecosystem.
  • Fixed an issue that prevented Microsoft User Experience Virtualization settings from roaming.
  • Addressed an issue with high CPU usage on AD FS servers that occured when the backgroundCacheRefreshEnabled feature is enabled.
  • Addressed an issue that created the Storage Replica administrator group with the incorrect SAM-Account-Type and Group-Type.
  • Fixed an issue that prevented machines from going into Sleep Mode automatically because of Microsoft Defender Advanced Threat Protection (ATP) Auto Incident Response (IR).
  • Fixed an issue that prevented machines from Microsoft Defender ATP Threat & Vulnerability Management.
  • Fixed issues that caused stop errror 0xEF when upgrading to Windows 10 version 1809.
  • Improves performance of ReFS in scenarios that involve many ReFS-cloned files.
  • Improves support for non-ASCII file paths for Microsoft Defender ATP Auto IR.
  • Improves performance of all token requests coming to AD FS.
  • Restores the constructed attribute in Active Directory and Active Directory Lightweight Directory Services (AD LDS) for msDS-parentdistname.

Microsoft lists one known issue:

After installing KB4493509, devices with some Asian language packs installed may receive the error, “0x800f0982 – PSFX_E_MATCHING_COMPONENT_NOT_FOUND.”

 

Thank you for being a Ghacks reader. The post Microsoft releases Windows 10 updates KB4541329, KB4541330, KB4541331 and KB4541333 appeared first on gHacks Technology News.

Windows 10 version 2004: better Reserved Storage management

Microsoft introduced Reserved Storage in Windows 10 version 1903. Reserved Storage reserves storage for the operating system that is used exclusively for system updates, temporary files and other system activities.

The main idea behind Reserved Storage is to improve the reliability of critical system procedures, e.g. updating to new versions of Windows 10, that require a certain amount of storage.

Downside to Reserved Storage is that several Gigabytes of storage become unavailable for user activities, e.g. downloads, program installations or media.

Reserved Storage is limited to new installations of Windows 10 version 1903 or newer at the time of writing. Systems that get upgraded from earlier versions of Windows 10 won’t have Reserved Storage enabled.

windows 10 reserved storage

Windows 10 users who run Windows 10 version 1909 or 1903 can use the following method to check whether Reserved Storage is enabled on the device:

  1. Use the shortcut Windows-I to open the Settings application.
  2. Go to System > Storage.
  3. With the c: drive selected on the page, select “show more categories”
  4. Activate “System & reserved”.
  5. Reserved Storage is listed on the page that opens next to other system storage, e.g. system files or virtual memory, if it is enabled. If you don’t see Reserved Storage, it is not used.

Starting in Windows 10 version 2004, the next Feature Update of Windows 10 and the first feature update of 2020, Microsoft will make it easier for administrators to manage Reserved Storage. In particular, Microsoft added DISM options to check, enable, or disable Reserved Storage on devices running that version of Windows 10.

Up until now, it was required to edit the Registry on the Windows 10 device to activate or deactivate Reserved Storage.

Here is the list of the new commands and an explanation for each of these:

  1. Start an elevated command prompt window, e.g. by opening Start, typing cmd.exe and right-clicking on the result and selecting the “run as administrator” option.
  2. Now run one of the following commands:
    • Check Reserved Storage: DISM.exe /Online /Get-ReservedStorageState
    • Activate Reserved Storage: DISM.exe /Online /Set-ReservedStorageState /State:Enabled
    • Deactivate Reserved Storage: DISM.exe /Online /Set-ReservedStorageState /State:Disabled

The new commands make it easier for administrators to check, enable or disable Reserved Storage on Windows 10 devices. An option to change the size of Reserved Storage is still not available.

Now You: Reserved Storage, a good idea? (via Deskmodder)

Thank you for being a Ghacks reader. The post Windows 10 version 2004: better Reserved Storage management appeared first on gHacks Technology News.

Windows 10 drivers will be rolled out gradually

Microsoft started to work on improving how drivers are pushed via the Windows 10 operating system’s automatic update features. Windows 10 includes functionality to distribute drivers to user systems, e.g. when a driver is required for a device to work at all or properly.

While Windows 10 users may install drivers manually if available, many devices rely on these drivers initially or at all.

In late 2019, Microsoft revealed plans to make it easier to discover optional drivers through Windows Updates. Microsoft introduced yet another change in January 2020 that gives device manufacturers better control over driver distribution. One of the benefits allows manufacturers to flag drivers as incompatible with certain versions of Windows 10 to prevent device updates.

Gradual Driver rollout on Windows 10

windows 10 gradual driver rollout

Gradual rollout is yet another new feature that aims to improve drivers on Windows 10. Instead of pushing new drivers to all devices in the ecosystem right away, drivers are rolled out over time similar to how new Windows 10 versions are made available to a subset of devices at first.

Microsoft plans to monitor the driver using Telemetry to step in if a driver appears to be unhealthy. The distribution of the driver may then be paused so that issues may be investigated and fixed. A driver distribution may even be cancelled if no solution is found.

Gradual rollout drivers will only be made available to systems running Windows 10 version 1709 or later. Devices that run Windows 10 version 1703 or earlier will always receive the driver after the throttle is complete.

The entire gradual rollout process is divided into two phases:

  1. The 30-day monitoring period — Begins on the first day that a driver is throttled and ends about 30 days later.
  2. The driver throttling period — Each driver is assigned a release throttle curve and a risk is assessed against several factors. Microsoft lists three typical throttle curves:
    1. Throttle through 1% go 100% of the retail Windows population.
    2. Throttle to 100% of the retail Windows population.
    3. Throttle  with an initial set of a highly active population before progressing to 1% to 100% of the entire retail Windows population.

The throttle curve is “tightly related to its risk assessment”. Microsoft notes that optional drivers are usually throttled to 100% immediately but subject to the 30-day monitoring period.

Closing Words

Drivers may be throttled going forward and high risk drivers may be released to a small subset of the entire Windows 10 retail population only to monitor the experience and react to potential issues before the driver is made available to a larger percentage or even the entire population.

The new gradual rollout feature may reduce the number of devices impacted by driver issues distributed via Windows Update.

Now You: do you install drivers manually on your devices? (via Windows Latest)

Thank you for being a Ghacks reader. The post Windows 10 drivers will be rolled out gradually appeared first on gHacks Technology News.

Here is the fix for the Windows 10 error "A driver can't load on this device"

Some Windows 10 users may get the error message “A driver can’t load on this device” currently that may prevent devices from working properly on the device. Windows 10 may throw the error when a driver is installed manually on a device running Windows 10.

Manual driver installations may happen through Windows Update but also by downloading drivers or entire driver packages from manufacturer websites or third-party sites to install those. Popular third-party drivers are Nvidia and AMD video card drivers, drivers from sound adapters, or drivers that add printing or connectivity functionality to the device.

Tip: Microsoft is working on improving third-party driver support and controls that manufacturers have.

Microsoft published a new support article under KB4526424 that provides details on the issue and two suggestions on how to fix the issue.

A driver can’t load on this device

You are receiving this message because the Memory integrity setting in Windows Security is preventing a driver from loading on your device.

Microsoft notes that the Memory Integrity security feature may prevent drivers from being installed correctly on Windows 10 devices. The company recommends that administrators try and find an updated driver that may not have the issue. Updated drivers may be offered via Windows Update or provided by manufacturers of the device.

If that is not possible, because there is no driver that is more recent than the one that fails to install, Microsoft suggests that administrators disable the Memory Integrity feature on the system.

windows security memory integrity

Here is how that is done:

  1. Use Windows-I to open the Settings application on the device.
  2. Go to Update & Security > Device Security > Core Isolation Details
  3. Locate the Memory Integrity setting on the page that opens and set the feature to off.
  4. Restart the device so that the changes take effect.

Microsoft notes that a security issue in the driver, which could be minor, might prevent it from being loaded in first place. The company advises users to get an updated driver if possible before the second option, the turning off of Memory Integrity, is considered.

Now You: Did you run into driver loading issues before on Windows 10?

Thank you for being a Ghacks reader. The post Here is the fix for the Windows 10 error “A driver can’t load on this device” appeared first on gHacks Technology News.

Microsoft will change Diagnostic Data (Telemetry) Naming in Windows 10

Microsoft released a new build to the Windows 10 Insider channel recently which brings the build number to 19577.

The accompanying blog post highlights the changes in that version and the very first entry reveals that Microsoft will change diagnostic data naming in future versions of Windows 10.

Windows 10’s Settings application lists two different diagnostic data levels currently. The levels, Basic and Full, determine how much data is collected and transferred to Microsoft. Generally known as Telemetry data, it has been at the center of controversy surrounding Microsoft’s Windows 10 operating system.

Tip: check out our overview of privacy tools for Windows 10.

windows 10 telemetry

According to the announcement, both Basic and Full settings will be renamed in upcoming versions of Windows 10 starting with Insider versions this month (subject to change). Basic will be renamed to required, and full to optional.

The company notes:

As part of the Microsoft initiative to increase transparency and control over data, we’re making some changes to the Settings app and Group Policy settings that will start showing up in Windows Insider builds this month. Basic diagnostic data is now known as Required diagnostic data and Full diagnostic data is now Optional diagnostic data.

A post on Microsoft’s answers forum reveals plans to change the Enterprise-only Telemetry levels Security and Enhanced as well. According to it, Enhanced is going to be removed and Security renamed to Diagnostic Data Off.

  • Security diagnostic data becomes Daignostic Data Off.
  • Basic diagnostic data becomes Required diagnostic data.
  • Enhanced diagnostic data is removed.
  • Full diagnostic data becomes Optional diagnostic data.

Microsoft will provide “more granular” Group Policy settings to commercial customers to better configure the data that is collected in the organization. Details about these improved Group Policy settings have not been published yet but will be made available “closer to the retail release”.

Organizations who have set diagnostic data collecting to Enhanced, one of the options only available in Enterprise editions of Windows 10, need to change the level on PCs running Insider builds as these won’t be provided with future flights if diagnostic data collecting is set to Enhanced.

To continue receiving Insider build updates, devices need to be set to Full diagnostic data (Optional diagnostic data).

It appears that the planned changes only affect the names of the diagnostic data levels but not what is being collected. The only change to that comes in the form of new Group Policy options that organizations will have access to.

Now You: What is your take on the change?

Thank you for being a Ghacks reader. The post Microsoft will change Diagnostic Data (Telemetry) Naming in Windows 10 appeared first on gHacks Technology News.