Windows 11

[Mercutio]

There's an issue now with Windows 11 that can prevent systems from booting under some circumstances. When installed on a new PC, Windows 11, even Home edition, now encrypts drives by default. Assuming the user can remember their Microsoft Account info, they can sign in to their account on Microsoft to recover the decryption key, which is 48 digits long. Anyone who has ever had to do boot time troubleshooting on Windows knows how many times you'll wind up having to reboot a PC to fix something. That translates in to repeatedly typing in a 48 digit key over and over to allow access to the encrypted volume. What fun.

 

[LunarMist]

Is it possible to remove encryption after installation? What happens when you swap drives around, use Acronis, Macrium, etc.? I'm not liking this at all.

 

[Mercutio]

You can remove the encryption if you'd like. It only takes a few minutes to decrypt a whole SSD. Whole drive encryption used to be a feature only in the more expensive versions of Windows, so I was surprised to see it on machines running Windows Home edition. The question of what happens with encrypted data depends on the software and the state of the drive when the backup is created. Some tools will make an encrypted backup. Some will copy the raw data that's present. Some will just refuse to work. What fun, right?

In theory, the recovery key should be stored with your Microsoft Account, can be backed up to an external device like a USB drive or it can be put in trust for a key recovery agent within a relevant organization. I'm a little bit concerned and haven't had a chance to test what happens when a Windows 11 PC that meets the requirements for hardware encryption (TPM chip etc) isn't configured with a Microsoft Account or domain membership in the first place. I HOPE it doesn't encrypt in that case.

I'm pretty sure the Thinkpad I just got from Lenovo also had its drive encrypted by default but of course the first thing I did with that thing was blow away whatever was there with my own Windows 10 system image.

I don't see Windows Home editions very often but between UEFI/Secure Boot and now encryption by default, Microsoft is really doing everything it can to make boot-time tools impossible to use on new computers.

 

[sedrosken]

I had to use an obscure key combination to bring up a CMD window to bypass the OOBE on the laptop I bought my sister for Christmas -- she doesn't have a Microsoft account presently, and I wanted to make it her decision to make one rather than have Microsoft try and force her into it.

I finally took the plunge and upgraded my work laptop since we're kicking the tires and looking at a possible company-wide deployment sometime early 2024. Thankfully the worst of the UI BS can be worked around, but at the same time I feel like I'm not getting the full picture of what using 11 is like if I do work around them, so I'm torn. I have to be able to, actually, y'know, work, but at the same time I need to get proficient with doing things the 11 way so I can properly support my users.

 

[Mercutio]

You CAN use Rufus to prepare an install image that drops the MS account requirements. Most of the integrations for the account boil down to redirecting folders to Onedrive (no, thank you) and having a place to put the default-on Bitlocker recovery key.

 

[sedrosken]

Right, but this was a Dell refurb I wanted to keep the (two year!) warranty on, I wasn't sure what it does and doesn't allow me to change (and was too lazy to read the terms) so I was hesitant to reformat and reinstall just for that. Frankly, if I was going to do that, I would have just installed 10 since it's a Zen3 laptop that doesn't need 11 for a competent CPU scheduler or anything.

 

[Mercutio]

The hardware warranty in no way depends on the state of software on the PC. We won that fight in like 1998. When I ship an in-warranty laptop for service, I remove the drive before I ship it anyway; I've heard of people getting their laptop factory reset too many times to trust anything else.

 

[sedrosken]

Hmm. Maybe I will just nuke it and install 10 over the weekend then, before I send it out to her.

Dell is at least a heck of a lot better about not preloading a ton of bloatware than they used to be -- the only thing I actually uninstalled was McAfee. It's just a shame Microsoft themselves are a lot worse about it than they've ever been.

 

[sedrosken]

For giggles I installed 11 fresh on my main desktop, to kick the tires a little between reinstalls of 10. Since all my user data lives on my NAS and I have a decent internet connection now, it doesn't matter much what I run on there day-to-day since there aren't any huge backup/restore operations involved. I installed the latest version, 22H2.

I spent an hour trying to set my default file viewer for JPG, JPE, PNG etc to IrfanView. It just would not do it! And for JPE, JPG and PNG specifically it straight up pretended the formats didn't exist!!

Turns out if you have the new version of the Microsoft Photos app installed (and 22H2 comes with it pre-installed), it locks your defaults. This is beyond ridiculous, beyond Orwellian -- it ought to be flat-out illegal. From what I understand this is expected and intended behavior. I could be wrong, and it could just be an exceptionally convenient bug. I'm surprised it even let me uninstall the app at all knowing all that.

 

[LunarMist]

What happens if the user updates to Windows 11 from 10? Can PS still be used to open everything from the Explorer?

 

[sedrosken]

IME every user setting that couldn't potentially cause a problem (for MS's bottom line, anyway) gets preserved. Essentially your default apps are reset to Microsoft's recommendations, but there's nothing stopping you from setting them back... until another update reverts them again.

 

[Mercutio]

What happens if the user updates to Windows 11 from 10? Can PS still be used to open everything from the Explorer?

You'll have your default Mail, Web Browser, Image Viewer and Media Player set to a default Microsoft application. If you have software that's known to be incompatible with Windows 11 (eg Flash Player), it'll be removed.

You'll be pressured to make a Microsoft account if you don't have one.

Microsoft JUST made the UI for selecting default applications less stupid, but not as unstupid as it was on Windows 7 or 10.

 

[sedrosken]

It's been my experience, especially on big build-changing updates, that it resets all my defaults again. It's almost to the point where I want to just break down and stop bothering with anything else, and that's exactly what they're going for, my guess anyway.

 

[Mercutio]

If you REALLY want to fix it for all time and don't mind breaking out a bazooka, you can force the matter with a group policy object. Here's an article that explains it. The GPO overrides any BS Microsoft does, even with full OS upgrades.

One of the companies I support uses NitroPDF Pro on every system and the sheer number of things that try to steal PDF handling is kind of crazy.

 

[Mercutio]

Something I just found out is that the firmware ID string overrides the online Windows activation database. I have an Asus Zenbook that I switch up for making and testing system images and I just noticed that when I applied the Win 11 Pro image that should activate through online entitlement, it told me it's unlicensed, even though the same PC was valid for Windows 10 Pro and the allowed to activate with the initial release of Windows 11 Pro. Once I switched it back to Win11 Home, it won't take the same Pro key it had before. It's not the end of the world since I am just applying updates and imaging, but I do have a finite number of "free" Windows Pro licenses.

Windows 11 is the first version where I'm trying to preserve the Home system image, because the release media didn't force a Windows account and the updated ISO does. I'd rather work from an updated system that doesn't force the matter than deploy workarounds, even if I do think Microsoft will respect an answer file for some time to come.

 

[LunarMist]

I have no idea of most of what you say, but it seems quite hopeless for a normal person. It sounds like you cannot easily do an upgrade without an account. My 2021 computer that came with 11 Home was demanding of an account just a couple months after 11 exsited.
Is there any meaningful difference between Home and Pro if you are not working with a business AD etc.?

 

[Mercutio]

I have no idea of most of what you say, but it seems quite hopeless for a normal person. It sounds like you cannot easily do an upgrade without an account. My 2021 computer that came with 11 Home was demanding of an account just a couple months after 11 exsited.
Is there any meaningful difference between Home and Pro if you are not working with a business AD etc.?

I'd say that it depends on your expectations. I like having access to group policies and remote desktop and I always assume that Windows computers have those things, but home edition doesn't. You can use things like VNC or use various tricks to enable proper RDP, but I'd rather just have it. Home edition's administrative controls look different and I don't always remember how.

There ARE workarounds if you don't want a Microsoft account, but it's a legitimate mess. Tell the Win11 OOBE that you want to join a domain and give it an invalid email, use an answer file, create your media with Rufus, install from the original Windows 11 media. If you're like me and legitimately use lots of personal machines, even giving in and making the account is a hassle because Microsoft only allows individuals to associate 10 devices with their account. If I actually want "a" Microsoft account to work as intended, I have to go through contortions to keep multiple IDs in sync (for password and personal security certificate sync) or run my own private Active Directory.

I'll also say that I think the value of a Microsoft account is dubious for most end users. Onedrive keeps 15GB of user files in Microsoft's cloud, whatever the first 15GB is. Hope you aren't a big fan of keeping music in your Music folder or video projects in your Videos folder! If it fills up, user files will start saving to the normal directory structure and now home directories are scary and confusing because some stuff will be local and some will be under Onedrive. Great. Password and certificate syncing is nice and it's welcome, but Microsoft does NOT explain how an account, a password, a PIN or Windows Hello are different without actual research that basically no home user is ever going to do. As much as I want to pick on people for not knowing an important password, Microsoft is prompting them for an EMAIL ADDRESS and if I had to guess, 95% of consumer Windows users also re-use the same password they have on their email account when they're told to set a password for that... and worse, they're also immediately asked to set a PIN, which is different from and can replace their password on a device, until something happens and the PIN isn't authorized and Microsoft expects the password again. The whole thing steps on my last nerve with Windows.

Apple has a similarly low number of allowed devices although I think it treats iOS and MacOS differently. Google is at least kind enough to keep all my Android and ChromeOS devices active on one account until I manually delete them.

 

[Mercutio]

Microsoft admits it can't fix Windows 11.

 

[Mercutio]

Just today, I'm finally getting around to doing something with Windows Server 2022. I upgraded things to 2019, and no one has any real interest in upgrading for no reason, so it hasn't been on my radar.

Server 2022 does not have a mandate for Microsoft accounts, nor can Windows Store software be installed. It doesn't have the incredible majority of the telemetry BS in Windows 11.

The down sides are pretty small: it deliberately misses support for common integrated NICs and Wifi (this can be fixed but it's a hassle); most consumer AV software doesn't run, and you'll have to do a tiny bit of work to make sound or Bluetooth operate, if those are things you care to have. I'm also aware that popular and god-awful chat software Discord won't run on Windows Server, but that's a feature IMO.



Grey market Windows Server licenses cost about the same amount as grey market Windows desktop licenses. Somewhere between $25 and $50 will get a working product key.

 

[Handruin]

It's been a long time since I've deployed a windows server product, the last may have been server 2012.

What kinds of things are you using it for these days or is this mainly to learn and stay updated?

 

[Mercutio]

It's been a long time since I've deployed a windows server product, the last may have been server 2012.

What kinds of things are you using it for these days or is this mainly to learn and stay updated?

Right now it's just learning. None of my customers are a good fit for Azure, which is absolutely the end goal of everything Microsoft is doing now. I totally understand why you aren't messing with it any more. A lot of SMB systems expect a Microsoft environment and even though MSSQL and .net code run fine on Linux now, often the applications my customers rely on will throw in other requirements that don't play so nice.

Azure needs a serious pricing adjustment for small business. 10-person businesses can't work with the expectation of $2500 monthly bills for IT services, which is what MS wants out of them.

 

[Handruin]

I hear ya on the gap between the major enterprise cloud services and the SMB market. That cost is no joke and it's a gut punch getting their first bill. The enterprise cloud market really wants the big fish revenue.

I know there are mid-tier offerings from the likes of Linode and DigitalOcean to name a couple but they can also be expensive and lacking in needed functionality like in a full Microsoft shop.