Windows 11

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,297
Location
I am omnipresent
The mitigations from the issues are absolutely nightmarish, too. Boot in to Safe Mode on individual PCs and manually delete some dozens of files. Client PCs don't have management consoles and if they're enterprise systems they DO have Bitlocker turned on. It's entirely possible some poor bastard will have to physically type in dozens or hundreds of drive encryption keys to unlock each single computer.

This company is going to be sued out of existence and I have no idea what Microsoft is going to say about the millions of man-hours this is going to cost to fix.

But yeah, let's keep everything in the cloud!
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,742
Location
Horsens, Denmark
So the airports use 11 or do you mean office?
My understanding of the CrowdStrike issue is that many large firms were running their "Falcon" cloud-based security software, and that all computers that received the patch pushed yesterday immediately went into BSOD boot-loops. With the fix requiring a tech to be hands-on with each impacted computer.

Edit: As usual Merc's info is more complete and probably more accurate, just didn't see it on the new page.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,297
Location
I am omnipresent
So the airports use 11 or do you mean office?

Large portions of Azure are impacted, and that means hosted database systems that have nothing to do with clients. With VMs, you can mount the virtual disks and remove the impacted files at least, but who knows what level of automation they can provide for that?
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
The mitigations from the issues are absolutely nightmarish, too. Boot in to Safe Mode on individual PCs and manually delete some dozens of files. Client PCs don't have management consoles and if they're enterprise systems they DO have Bitlocker turned on. It's entirely possible some poor bastard will have to physically type in dozens or hundreds of drive encryption keys to unlock each single computer.

This company is going to be sued out of existence and I have no idea what Microsoft is going to say about the millions of man-hours this is going to cost to fix.

But yeah, let's keep everything in the cloud!
It should be good for some contract workers looking for overtimes. ;)
 

jtr1962

Storage? I am Storage!
Joined
Jan 25, 2002
Messages
4,379
Location
Flushing, New York
It should be good for some contract workers looking for overtimes. ;)
I'm not in the IT business but I imagine this kind work qualifies as "drop everything you're doing, get here now, and fix it yesterday". I'd bill anyone with that kind of urgency about 10 times my normal rate. I'm guessing the IT guys will do the same.

Millions of man-hours at $1K+ per hour gets well into the billions of dollars.
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
They want your sweet, sweet data Lunar. They will stop at nothing to get it. You must return to monkey -- I mean -- Windows XP. You know it's true, you know now what you must do. :p
I was planning to take the computer offline in 2025, but maybe it will be sooner. The 8840U may be the internet computer, but not connected to the data. I was hoping to keep using the W10 on that one as long as practicable.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,297
Location
I am omnipresent
Today the MS installed the Co-Pilot in Windows 10. WTF?

It can be disabled, but not really removed.. Edge can be removed now, but not this computer herpes. That being said, you can turn it off and nobody is forcing you to interact with it. I don't know if you have a version of Windows that does group policies and I know you are resistant to modifying your OS for some reason so here's a fix:

Open an Administrative cmd / powershell / Windows Terminal session and input the following:

reg add HKCU\Software\Policies\Microsoft\Windows\WindowsCopilot /v TurnOffWindowsCopilot /t REG_DWORD /d 1 /f
 

sedrosken

Florida Man
Joined
Nov 20, 2013
Messages
1,820
Location
Eglin AFB Area
Website
sedrosken.xyz
Wow, this is upsetting. I really hate this for everyone else who has to deal with it... but I somehow keep rolling sixes, because everything's still up for my clients (including myself*) in my region. Still going to be a setback for their reputation -- how much precisely depends on how long it lasts and if it stays up for good after they get it back up.

The solution to most issues with Windows 11 is just to ignore the concept of a Microsoft account.

Indeed. Humorously, my boss just got a new personal machine the other day and called me last night because he hadn't set up a new computer for himself since Windows 10 was the latest, and he couldn't figure out how to skip through and create a local account. When I explained the oobe\bypassnro trick to him and how it was the only thing that actually worked, he was gobsmacked, and was like "has this just been your reality since we kicked over?" Yes. Yes it has. I'm kind of scared MS will "patch" that "exploit" in some future version of the OOBE, and at that point the only course of action will be making custom install media with Rufus and the like. Don't get me wrong, I love Rufus, I have never had it make a USB that doesn't work, but especially for our professional endeavors I prefer to use something like Ventoy and boot directly from an unmodified ISO. I'll probably have to get over that sooner rather than later.

*: I pay my work for a business M365 tenant and a single 365 Standard license, they host my email and I point my custom domain to it. I'd had problems with some destinations accepting mail from my previous host, which was ProtonMail, and then they took away a lot of the perks they'd given me for some reason and that was the last straw for me. Now I have issues with some places not accepting my TLD (some services block the .xyz TLD entirely for spam reasons, and I guess that's fair) but I can at least point it at my .onmicrosoft.com subdomain instead and have it arrive in the same box -- and originating from Microsoft means everywhere's all too happy to accept mail from me now. I might eventually grab a cheap .net address to get around that and have it as an alias or something, but for now using my onmicrosoft subdomain works fine.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,297
Location
I am omnipresent
Don't get me wrong, I love Rufus, I have never had it make a USB that doesn't work

Rufus just makes an unattend.xml file that gets dropped in the root for the ISO. I'm FAIRLY sure that using it with Ventoy will still respect that, since it's part of the Windows setup process and not anything inherent to the boot environment. Unattended installs have been a thing at least since Windows NT 3.1. I truly don't think that they're going away.

I go the extra steps of adding drivers, manually setting the time zone to Central Time, adding a folder of stand-alone utilities and removing installation components (Onedrive; Windows Mail/Outlook and Office 365) for my custom ISOs.
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
Initial installation is one thing, but MS can make the account mandatory at any time.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,297
Location
I am omnipresent
Initial installation is one thing, but MS can make the account mandatory at any time.

You say that, but Domain and local accounts are the standard for the overwhelming majority of computers in the world.
There are also computers that simply don't get connected to the internet. Those guys still need to function as well.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,297
Location
I am omnipresent
One of my students put me on to WindHawk, a customization interface for Windows 11. This tool has many modules for things like restoring the Windows 7 Explorer View or the Windows Vista taskbar, and in some cases can apply different visual styles to third party applications as well. I tried it out on a PC I don't care about and I'm currently using Windows 11 that looks and acts almost exactly like Windows 10.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,297
Location
I am omnipresent
OK, here's my quick guide to making Windows 11 suck less. I worked this out during a class session with some guys who just wanted a functionally better generic installer.

1. Use the Schneegans.de Autounattend.xml generator. The link is to the setup I used. This sets the classic context menu, enables RDP, sets Powershell to allow remotesigned scripts to run, creates a local admin account named Owner, shows file extensions and hidden files by default, installs Chocolatey, does not configure Bitlocker, sets time to proper GMT-6 and adds c:\bin to %path%. It also removes Office 365, Teams, Mail/Calendar, Outlook for Windows and OneDrive, suggestions on the start menu from the standard install and does not prompt users for all the all the privacy nonsense for either Windows or Edge.

2. I use c:\bin as a location to put third party binaries. I have my own collection of tools I toss in there, but some of the basics are things like Process Explorer, SpaceSniffer, Windows Easy Transfer, Screen2Gif, a copy of Macrium Reflect, the games from a Windows 7 install, 3dpipes.scr... I keep about 1GB of extra stuff there. I think it's handy for people who work on computers for others to have such a thing.

3. Likewise, I maintain c:\drivers for chipset, NIC, Wifi and USB drivers. This is where I stow the Intel's stupid m.2 nonsense. We talked about slipstreaming the drivers in, but it turns out that creates more bloat than just having a known location for everything.

4. Download your Windows 10 or 11 ISO from Microsoft. Start from a pristine one. My autounattend.xml will work with either os.

5. Because I am lazy and repackaging ISOs is WORK, AnyBurn is a free tool that can add to and rewrite an ISO file on Windows. Just open the ISO and edit its content. There's a menu option to create new folders. What you want to do is to make two folders under ISOroot\sources.

\ISOroot\sources\$OEM$\$1\bin
\ISOroot\sources\$OEM$\$1\drivers

Copy the stuff in c:\bin and c:\drivers\ respectively.
Copy the autounattend.xml file you made to the root of the ISO.
Optionally you can also put the intel nvme BS on the root of the ISO as well.

Then use Anyburn to write your new ISO file. Mine turned out to be about 7.7GB with drivers and extra software added.

6. Write the ISO out to a USB drive like usual. Rufus or whatever.

The installation doesn't take any longer than an unmolested one. This process was tested and found to work beautifully on both 10 and 11. There's nothing stopping anyone from adding back Office 365 or Teams or Onedrive if they want it; those things just aren't there to begin with. Since Chocolatey is installed by default, this system comes out ready to receive Firefox, 7zip et al from the jump and the number of hoops needed to get a Windows install in good working order is much lower than Microsoft's default configuration.

My test systems were a Lenovo Yoga with a brand-spanking new Ryzen 5 8640HS, a Beelink Ser5 with a Ryzen 5 5560 and an Asus Vivobook with an Intel 13500H.

I believe these are easy steps to follow and that they can be reproduced from original sources.
 
Last edited:

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,297
Location
I am omnipresent
Office 2007 lost access to its "powered by Bing" clipart library today. It is no longer fully functional.
Office 2007 was also the last version of Office that worked without any activation nonsense. Pour one out for the last version of Office that wasn't completely stupid.
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
Does Outlook no longer function for emails or is it just the useless Clipper art?
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,297
Location
I am omnipresent
Does Outlook no longer function for emails or is it just the useless Clipper art?

I don't know if Outlook works. I assume that it doesn't work any worse than any other version of Outlook, but I refuse to support it and I don't install it if I'm given a choice in the matter.

Office 2007 used to be my path of least resistance for home users that whined about not having Word and Excel. I always pointed to LibreOffice or Google Docs/Sheets instead and even the web versions on Office.com, but having access to a version of Office I can install pretty much anywhere is something that solved problems for me. I hate telling people to consider Microsoft 365. There is no world where I think it's worth the monthly cost, even with the online storage and extra installations.

$20 for a copy of Office 2019 from a key reseller is probably an OK alternative now, but I actually like "Hey, here's this copy you can just use, but it's 15 years out of date and looks it. If you want something newer, leave me out of it."

I got a copy of Office 97 working on a Windows 11 computer a couple months ago. Someone had it on CD and still had the product key and even though there were a few errors during the install, Word and Excel did start and they worked, albeit without support for the newer, XML-based files.
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
I have decades of emails in Outlook and really don't know what to do with them until I'm dead.
I should have assumed that MS would destroy Outlook, but did not plan well for it.
 

sedrosken

Florida Man
Joined
Nov 20, 2013
Messages
1,820
Location
Eglin AFB Area
Website
sedrosken.xyz
I don't know if Outlook works. I assume that it doesn't work any worse than any other version of Outlook, but I refuse to support it and I don't install it if I'm given a choice in the matter.

Depends. For IMAP I'm sure it's fine, but the HTML renderer it uses is likely out of date as it's either going to be tied to IE7 or whatever version of IE is present on the machine. O365 Will Not Work(TM)(R) on it now as you can't use anything with it that doesn't support modern auth, regardless of the protocol. Ergo, nothing works with O365 email that isn't Outlook 2016 or above, or 2013 with certain specific updates on certain specific operating systems, or of course eM client or a modern version of Thunderbird or whatever.

I got a copy of Office 97 working on a Windows 11 computer a couple months ago. Someone had it on CD and still had the product key and even though there were a few errors during the install, Word and Excel did start and they worked, albeit without support for the newer, XML-based files.

You can add that with the Office 2007 Compatibility Pack. I use it to read/write XML formats on everything from Windows 98 with Office 97 and KernelEx all the way up to Office 2003 on XP/Vista. Still works fine with the XML files generated in the latest version of Office from my testing, though your mileage might well vary.

I almost wonder if the errors you report during installation were due to running in WOW64. I wonder if it isn't just fine on a 32-bit copy of Windows 10. I know Microsoft seemed allergic to shipping Win64 office binaries for a very long time for some reason.

You can also, presumably, find Office 2021 keys. I was shocked to find last time I looked that MS still sold "regular" office right alongside O365 subscription cards.

I have decades of emails in Outlook and really don't know what to do with them until I'm dead.
I should have assumed that MS would destroy Outlook, but did not plan well for it.

Lunar, you will likely be able to install Outlook and export OSTs for a very, very long time, likely long after we are all long-since dead and the sun has gone supernova. Because corporate mandates Outlook, and corporate is God.
 
Last edited:

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
I think the issue is that the stand-alone installations use a PST not OST as would be used for corporate systems with Exchangeable servers. I have a main PST that is less than 8GB, but I read somewhere that PSTs will not be allowed in the future. How do you manage personal emails that are not on existing servers?
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,297
Location
I am omnipresent
I know Microsoft seemed allergic to shipping Win64 office binaries for a very long time for some reason.

The reason was incompatibility with some VBA macros. If you had the typical "middle manager 100k column spreadsheet that is their entire career" setup, having one macro that doesn't return the same result it did in the 32 bit version, that was too much of a problem for IT to deal with, so the recommendation was just to stick to the 32 bit version until 2016 launched. I'm not sure if they fixed the compatibility problems or just decided that they didn't care any longer.

You can also, presumably, find Office 2021 keys. I was shocked to find last time I looked that MS still sold "regular" office right alongside O365 subscription cards.

Office 2021 is the first version in about a decade that was packaged and available for sale to end users. It was kind of a big deal when that was announced. You can even install it without a Microsoft account, believe it or not.
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
But don't they require it to purchase? I did not think one could buy the physical copies with codes anymore.
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
There does not seem to be any way to download without the account. Did they sell physical media back in 2020-2021?
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,297
Location
I am omnipresent
There does not seem to be any way to download without the account. Did they sell physical media back in 2020-2021?

You can absolutely download the media without an account, but the links to do so change periodically. The easiest way to GET one of those links is by signing in to Office.com, but the links remain usable for months and officecdn.microsoft.com does not enforce any authentication in and of itself.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,297
Location
I am omnipresent
24H2 is now the default release of Windows 11 that is available for download. Wave a tearful goodbye to Wordpad and PSR.exe and say hello to dumbass new labels on the standard context click and also dumbass Window Recall.

If you want to make Wordpad work again on Windows 11, just put the three files named wordpad.* back in C:\Program Files\Windows NT\Accessories from an older version of Windows. I see a lot of value in making and editing .RTF files with needing anything extra or fighting with Microsoft over where files should be saved, so that's just going to be a standard part of my Windows install from now on.
 
Last edited:

sedrosken

Florida Man
Joined
Nov 20, 2013
Messages
1,820
Location
Eglin AFB Area
Website
sedrosken.xyz
And a whole new host of bugs, like uninstalling Recall reportedly breaking File Explorer. At this rate, Microsoft might well be better served by hiring some QA staff back and killing the Insider program if no one's going to report this crap until release.

I've been running 24H2 for a hot minute through the Enterprise LTSC 2024 IoT image I threw at my main to play around with (that rapidly turned into just leaving it alone) and I honestly don't have any major complaints, but I wonder if I actually have some proto-24H2 build that's still mostly 23H2 under the hood or something. Whatever the case, it's doing fine, so I'm not in a mood to go and change it.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,297
Location
I am omnipresent
I have ~80 classroom PCs I have to go and update, plus client systems at customer sites that are going to need to update, and this change is big enough that I'm going to want to shepherd it to completion myself. So I'm going to have to make an updated ISO plus updated drive images now.

The registry setting to turn recall off is HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\WindowsAI\DisableAIDataAnalysis = 1
There's also a GPO, User Configuration > Administrative Templates > Windows Components > Windows AI > Turn off saving snapshots for Windows and I assume something similar is available for Intune.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,297
Location
I am omnipresent
My sacrificial lamb systems, a Beelink Ser5 (R7 5800H, 16GB) and some or other Asus Vivobook with a 13500, don't even show the options for Windows Recall on 24H2. Apparently it's only present on computers that have an NPU and even then it's disabled by default. So we're all probably safe for anything but brand spanking new hardware from an OEM that wants to change Windows default settings.

There's also no AI-specific settings on those computers, at least not from In-place upgrades. Upgrading also didn't put Co-Pilot back during the upgrade. I'll try a clean install tomorrow and see what happens with that.

If the in-place upgrade is relatively clean, I'm a happy camper.
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
Would an AMD 9700X be safe for a while? I don't think AMD has much intelligence.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,297
Location
I am omnipresent
What do you mean by safe? It's going to be able to run Windows 10 for as long as you feel like running it and if you want to give in and try Windows 11, I suggest starting from the autounattend.xml instructions I posted up thread to make a bullshit-free installation.
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
I mean will W11 be spying on us using the new technology that generates the Total Recall?
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,297
Location
I am omnipresent
First: the end user component of Recall simply doesn't show up on the current version of Windows 24H2. It *IS* enabled by default. There's a proper way to shut it off, which is to run
dism /online /disable-feature /featurename: recall
from an admin terminal session.

Second, Windows 10 also has almost all the telemetry BS that windows 11 does. It was back-ported ages ago. You can block some of it with a tool like Spybot Anti-beacon, or manually use powershell commands to do the same thing.
 

sedrosken

Florida Man
Joined
Nov 20, 2013
Messages
1,820
Location
Eglin AFB Area
Website
sedrosken.xyz
I've gone ahead and made a couple scripts for our RMM using that handy registry entry and dism line you provided, thanks Merc. Like you've said it doesn't seem terribly necessary at present considering we're not buying anything with an NPU right now anyway, but it'll be interesting to see how things progress in-future. Didn't figure it'd be as easy as telling dism to exorcise it, but sometimes I live to be pleasantly surprised.
 
Last edited:

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,297
Location
I am omnipresent
Here's my updated autounattend.xml adapted to kill Recall.

Apparently, if you omit Recall from your Windows image entirely, it screws up the entire Windows 11 setup. It really has been made a dependency for Windows Explorer. You can still shut it off after Windows is installed, so I have dism running at first login to disable it.
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
First: the end user component of Recall simply doesn't show up on the current version of Windows 24H2. It *IS* enabled by default. There's a proper way to shut it off, which is to run
dism /online /disable-feature /featurename: recall
from an admin terminal session.

Second, Windows 10 also has almost all the telemetry BS that windows 11 does. It was back-ported ages ago. You can block some of it with a tool like Spybot Anti-beacon, or manually use powershell commands to do the same thing.
Telemetry is not the same as taking screenshots within applications that don't naturally offer that functionality.
Having to hack the OS regularly to keep up with it is no longer worth it for personal use. Are APPLE and Linux doing the same thing?
 
Top