Over the past 1 1/2 weeks, we have touched on a number of new updates to Windows 8.1 and Windows Server 2012 R2 that our (Windows Performance/Reliability) team supports. We hope you’ve enjoyed reading these posts and look forward to your comments.
To wrap up the mini-series, we’d like to direct you to a couple of other resources with cool new features:
Remote Desktop Services Features
Thank you to the following folks that helped put this content together and get it published:
As always, the most current information regarding these features can be found in the following links:
Hello again Askperf! Today we are going to quickly highlight the new Assigned Access feature in Windows 8.1. Formally known as Kiosk Mode, Assigned Access is designed to restrict a standard user access to a single application. This feature works well for the corporate admin or parent that would like to prevent users from having full access to a given machine. Once configured, Assigned Access will prevent the user from other apps, computer controls, or other computer settings.
To enable this feature access the Settings Charm and select Change PC settings. Under the Accounts page you will want to access “Other Accounts” and you will see the option to add an account or “set up an account for assigned access”
There you have it. The next time the user logs in he or she will have a full screen of the application specified. It is important to note that you can only assign one Windows Store app per user. To sign out the user will quickly press the Windows log key five times.
Hello folks, today I would like to take some time and highlight some of the new UI changes in the shell for Windows 8.1. Windows 8.1 introduces several changes that allow the user to personalize and enhance the overall user experience.
The Start Screen now provides more customization options. There are more sizes available for customizing your tiles. You now have the options of large, medium, wide, or small tiles to maximize real estate on the start screen. Another change in 8.1 is that installing applications will not drop tiles directly on the start screen anymore. Instead, app tiles will be installed under the new All Apps screen. The new All Apps screen is accessed from the down arrow available on the start screen. Both start screen and all apps screen can also be customized to use the desktop wallpaper for additional personalization.
All Apps screen
The All Apps screen can be sorted by Name, Installed Date, Most Used, and by Category.
Another new feature is the ability to customize the lock screen with a slide show. This setting is configured via the Settings charm, Change PC Settings, Lock Screen. From here you have the option to play a slide show, specify a new local folder or SkyDrive, and control length of time before turning off the slide show.
The Start Button is back with Windows 8.1! Although it’s not the actual start menu. By default clicking the start button will navigate you to and from the Start Screen but this can be changes to navigate to the All Apps screen instead. Right clicking the button will provide you a context menu of shortcuts to useful and common programs such as event viewer, control panel, and the command prompt to name a few. If you prefer hot keys, pressing “Windows + X” will get you this same menu. The options to shutdown, sign out, or restart are also now available directly from the start button.
Boot to Desktop
Another nice feature is the ability to boot directly to your desktop. This setting is tucked away under Taskbar properties. To enable this you can right click on the Taskbar, select properties, access the Navigation tab, and select “When I sign in or close all apps on a screen, go to desktop instead of Start”. From the Navigation tab you can also point the start button to the All Apps screen if you prefer. If you are a PowerShell junkie, you can also replace the default command prompt option with PowerShell in the start button context menu.
These are just some of the new features available in Windows 8.1. Enjoy!
Welcome back AskPerf readers! Prior to Windows 8.1, scanning could be a relatively frustrating experience with many questions coming to mind…
With Windows 8.1, any Windows Image Acquisition (WIA) 2.0 compliant scanner will simply plug in and work, thanks to the magic of generic in-box scanner class drivers.
Since WIA 2.0 has been a logo requirement for all locally-connected scanner devices since June 2010, you can be fairly confident that any new scanner device will be supported.
The software to acquire images is also included with the operating system, thanks to the modern in-box Scan app. Start typing “Scan” at the Start screen and its tile will be displayed.
The Scan app will occupy the left side of the screen, with scanner configuration options that are automatically detected based on the device. You will also be presented with a choice of image formats and a location to save the image file to.
Once an image has been acquired, the Pictures modern app will be displayed to the right with the images you’ve scanned in.
At this point you’re free to import the image into any application of your choice, and have hopefully had a much better scan experience than in years past.
Hello again AskPerf! Today I’m going to introduce a new Windows 8.1 feature called Printer Roaming.
Windows 8 provided the ability for users to roam a number of settings with their Microsoft account, such as the desktop background and web history.
Windows 8.1 extends this functionality to include roaming of printer connections, and this is primarily aimed at bring-your-own-device (BYOD) scenarios.
If you use Microsoft-connected accounts in your workplace (i.e. an account tied to a Hotmail.com or Outlook.com e-mail address), Windows 8.1 will store your UNC printer connections in the cloud and reconnect them on other Windows 8.1 devices you bring into the workplace.
So, let’s say you’ve manually mapped 3 printer connections (e.g. \\ServerName\PrinterShare) on your Windows 8.1 desktop PC at work. When you bring a Windows 8.1 tablet into the workplace, the operating system will keep your printer connections in sync by automatically connecting them.
This feature is currently grouped with Other Windows Settings, which can be found in the SkyDrive options in the PC Settings application.
There are a few important caveats that I’d like to note.
At this point we see very few businesses implementing Microsoft-connected accounts in their environments, but this feature may become more mainstream in the future as Microsoft accounts evolve.
Hello again AskPerf! I’m happy to report that Windows Server 2012 R2 reinstates Remote Desktop Shadowing.
This functionality lived in kernel mode through Windows Server 2008 R2, but was removed from the product in Windows Server 2012 when the RDP stack was moved to user mode.
We’ve strived for feature-parity with 2008 R2, with the main visual change being accessibility through Server Manager.
So, where can I find it?
The shadow UI is located in Server Manager under Remote Desktop Services / Collections.
Simply right-click a user’s session and choose Shadow from the context menu, then choose to view or control the session with or without consent.
You may also access shadowing from the command line:
Mstsc.exe [/shadow:sessionID [/v:Servername] [/u:[Username]] [/control] [/noConsentPrompt]] /shadow:ID Starts shadow with the specified sessionID. /v:servername If not specified, will use the current server as the default. /u:username If not specified, the currently logged on user is used. /control If not specified, will only view the session. /noConsentPrompt Attempts to shadow without prompting the shadowee to grant permission.
Mstsc.exe [/shadow:sessionID [/v:Servername] [/u:[Username]] [/control] [/noConsentPrompt]]
/shadow:ID Starts shadow with the specified sessionID.
/v:servername If not specified, will use the current server as the default.
/u:username If not specified, the currently logged on user is used.
/control If not specified, will only view the session.
/noConsentPrompt Attempts to shadow without prompting the shadowee to grant permission.
By default, a shadowee must explicitly give permission to allow their session to be shadowed. To be able to shadow without permission, the administrator must intentionally override this with a group policy set to allow shadowing without user permission.
You’ll find the shadow group policies in the following path (gpedit.msc):
[<Computer Configuration> |<User Configuration> \Administrative Templates\Windows Components\Remote Desktop Services \Remote Desktop Session Host\Connections \Set rules for remote control of Remote Desktop Services user sessions
[<Computer Configuration> |<User Configuration>
\Administrative Templates\Windows Components\Remote Desktop Services
\Remote Desktop Session Host\Connections
\Set rules for remote control of Remote Desktop Services user sessions
There are a couple of key limitations that you should be aware of:
I hope everyone is able to (re)integrate this extremely helpful tool in their remote desktop environments and get those older deployments moved to Windows Server 2012 R2.
Hello folks, today I am going to talk about a new feature that's available in Microsoft Windows 8.1 and Server 2012 R2 called NFC “tap to connect” Printing. NFC stands for Near Field Communication, which allows a two way communication between devices (endpoints) within a very close proximity; typically no more than few centimeters.
NFC “tap to connect” printing makes installation of printers very simple, in short, the user can just tap an NFC enabled device (for ex: a laptop or a tablet) on an NFC enabled printer and can then immediately install that particular printer.
This way, the user does not have to follow the traditional method of printer installation and does not need to know any details of the printer. For example, the print server where it’s hosted on, or the actual printer name itself. NFC “tap to connect” printing can be used for both WSD printers and shared printers.
There are printers that already have NFC capability built-in. The good news is, you can make any existing non-NFC printer NFC capable, by using an NFC tag. NFC tags are like stickers that can be programed to store the required information.
So how do we program an NFC tag? You can do this by using a simple PowerShell cmdlet called Write-PrinterNfcTag. Below are the steps to accomplish this:
1. Launch PowerShell as an administrator on a Windows 8.1 / 2012 R2 system that has NFC hardware capability. You can verify whether the system is NFC capable in device manager; if the system has an NFC device, it will be located under "Proximity devices" in device manager.
2. Type in the following command in the PowerShell window:
Write-PrinterNfcTag -Sharepath <UNC path of the printer>
Write-PrinterNfcTag -Sharepath <UNC path of the printer>
Write-PrinterNfcTag -Sharepath \\Myprintserver\PrinterX
Write-PrinterNfcTag -Sharepath \\Myprintserver\PrinterX
3. Once you run this command, you will be prompted to tap the NFC sticker (tag) against the device on which you ran the command. You now need to tap it against the NFC radio on the Windows 8.1 / 2012 R2 system within 30 seconds. Once tapped, the printer share information is written into the NFC tag. That’s it! Your NFC tag is now encoded with the printer share information and all you need to do is attach the NFC tag on the printer that you have specified in the Write-PrinterNfcTag command.
For a user to print, all they need to do is tap an NFC enabled device (for instance a tablet), on the NFC tag that’s attached on the printer, and the user will be prompted for the installation of that particular printer.
Please note, the NFC tag and the Printer never communicates with each other, the print process still uses the existing infrastructure and the network. NFC “tap to connect” printing is just a way to pair and install the printer and it does this like a charm!
I would like to introduce you to an exciting new feature in Windows Server 2012 R2 called VMConnect Enhanced Mode.
This feature enables high fidelity RDP sessions to VM guests over the VM bus. High fidelity implies getting audio, clipboard support, USB and other redirection in addition to enhanced graphics.
Creating high fidelity sessions to guests through TCP/IP RDP connections has always been possible, but requires a properly configured network path to the VM. The VMConnect Enhanced Mode feature allows for these high fidelity sessions when no network connectivity exists between the host and guest OS's.
So, how can I get started with this feature?
First, install Windows Server 2012 R2 with the Hyper-V role and create a Windows 8.1 guest OS.
Launch Hyper-V Manager on the host OS and tick the following boxes:
Server \ Enhanced Session Mode Policy \ Allow enhanced session mode
User \ Enhanced Session Mode \ Use enhanced session mode
Now connect to your VM and notice the familiar RDP dialog options that you may configure to enhance your VMConnect experience.
Display options and the ability to save your RDP settings
Select which local resources you'd like to redirect with RDP
Audio options, including input (mic)
Additional granular control of what's redirected and available in your session
I especially like the clipboard redirection, which means never having to use the Clipboard \ Type Clipboard Text option again.
Are there any caveats? Yes, and let's go over those now so there are no surprises.
VMConnect Enhanced Mode FAQ:
Q) Will this feature work with Windows OS's prior to 8.1? A) No. A Windows 8.1, Server 2012R2 or later OS guest is required.
Q) Does this feature work from an RDP session into the Hyper-V host? A) Yes. This feature is available when RDP'ing into the Hyper-V host.
Q) Does this feature work on Gen1 VM's? A) Yes. This feature works on both Gen1 and Gen2 VM's.
Q) Does this feature require integration services? A) Windows 8.1 includes integration services, but this feature does not require them to be enabled in the guest configuration options.
Q) Does this feature require a network adapter configured for the VM with a valid virtual switch selected? A) No. A key point of this feature is that the RDP connection is made over the VMBUS rather than having to configure networking.
Q) Does the guest OS need to be configured to accept RDP connections? A) No. This feature will work even if the guest is configured for "Don't allow remote connections to this computer".
Q) Are there any user requirements on the guest? A) Yes. Enhanced sessions are only available when logging into the guest as a member of the local Administrators group or the Remote Desktop Users group. Additionally, the guest OS must support Remote Desktop sessions. (i.e. Pro or Enterprise editions of Windows 8.1. Home editions will not work.)
Q) Is this feature compatible with RemoteFX-enabled guests? A) No. This feature is not available on guests with RemoteFX adapters.
Q) Should I expect this feature work on the first boot of the guest OS? A) No. The guest OS should be rebooted at least once to complete OOBE setup.
Thanks for checking out one of the great new features available in Server 2012 R2 and Windows 8.1. I hope everyone is able to make use of this soon!
Just wanted to give you a quick heads up that we are going to begin a Mini-Blog Series this Friday (10/18). We will be covering some of the new features in Windows 8.1 and Windows Server 2012 that our (Reliability/Performance) Team support.
We are still finalizing these blogs, so I do not have a complete list as of this post. However, I know you will enjoy reading about the new exciting features in these releases.
For more details about Windows 8.1 & Server 2012 R2, check these links:
Good morning AskPerf! David Alessi here from the Windows 8 client team. One of the biggest support issues we’ve seen is with Windows 8 Store (formerly Metro/Modern) Apps failing to start. This post is going to cover some of the most common issues that users run into, and how to troubleshoot them.
When troubleshooting Windows 8 Apps, first establish whether or not the App is starting at all. When a Windows 8 App is first clicked the first thing that appears is the splash screen for that particular App. For example:
The splash screen is a solid color page typically with the App’s logo on it. When the App is first clicked, Windows is responsible for running the splash screen while the App gets ready to run. If the splash screen is briefly displayed and then closes, this means that Windows is opening the splash screen but the App is not starting.
Now that I’ve laid out some common causes I’ll go over how to fix each of issues above.
To start there are a few logs that can help you narrow down on the issue. I typically start with logs when only a certain app or apps are acting up (as opposed to all of them). If this is the case, make sure to give uninstall/reinstall a shot, or at least update to the latest version of the application.
The uninstall option is accessed by right clicking an app,
And updates are managed through the store.
The first log I’ll mention is %TEMP%\winstore.log
Winstore.log tracks update and install information for your applications, if you are having issues after an install or update this would be a good place to look first.
The other logs that can be helpful are located in your event log, easiest way to get there is to type “eventvwr” with your start screen open. Run it as an administrator.
With event viewer open navigate to: Event Viewer>Applications and Services Logs>Microsoft>Windows
Logs of interest
There are more logs that track Windows 8 app information, I’m not going to go over them because I have not found them helpful but to name a few: All-User-Install-Agent, AppHost, AppxPackagingOM, PackageState-Roaming, PushNotifications-Platform, and Store-Licensing.
The easiest way to test if group policy is the issue is to test behavior of a fresh machine. That is, using the image and deployment process where you determined there was an issue in the first place (MDT, PXE, etc.).
If you suspect that a group policy setting is breaking the App, then the following steps should be performed on the problem machine and/or user session:
When applocker is responsible for blocking an application, the user is typically presented with the prompt “This app has been blocked by you system administrator” however, this is not always the case.
To verify whether applocker is causing you issues open your event log and open:
Application and Services Logs>Microsoft>Windows>Applocker
As mentioned above, file system permissions, whether in the image, in a logon/startup script, or in group policy, can affect Windows 8 Store Apps.
In Windows 8, there is a new principle used to run Windows 8 Apps - ALL APPLICATION PACKAGES. To check for this principle: right-click on a folder or file in the file system>Properties>Security Tab>Advanced.
Here you can see a list of all security principles on that location and their permissions. Notice ALL APPLICATION PACKAGES at the bottom.
ALL APPLICATION PACKAGES need the following permissions to execute properly:
The other major issues with Windows 8 Store Apps are authenticated proxies. Windows 8 Apps do not have the architecture built in to pass credentials, cookies, certificates or any other authentication methods to proxies – which will fail when loading. Some of these symptoms include the following:
This issue has been fixed in 8.1 but if you really want to know before committing to an upgrade collect a netmon trace from the client while attempting to access internet resources in a Windows 8 App.
Here is the KB detailing this known issue and it’s workarounds: Using authenticated proxy servers together with Windows 8.
Lastly, the Windows Firewall service needs to be set to automatic and running for Windows 8 Store Apps to work. It’s also required for a lot of other functionality in Windows 8 and so should not be turned off for any reason.
If you use a 3rd party Firewall product, then we recommend to configure Windows Firewall to not block any inbound or outbound traffic.
Finally, if all other steps fail, you can try clearing the Windows Store cache by running the following command:
Currently, Windows 8 and Windows Server 2012 RTM computers check for updates from Windows Update or Windows Software Update Services (WSUS) daily at a default time of 3:00 AM (configurable) as part of an automatic maintenance task which runs every day.
If any of the updates applied required a reboot, clients and servers may reboot during production hours instead of during maintenance windows which can be defined in the following group policy:
Computer Configuration\Administrative Templates\Windows Components\Windows Update\Configure Automatic Updates
We have released an update KB2885694 which ships as part of cumulative rollup KB2883201. This update will change the behavior so computers honor fix installation times defined in the policy instead of the automatic maintenance task.
For a complete technical explanation, please visit our WSUS blog below:
Enabling a more predictable Windows Update experience for Windows 8 and Windows Server 2012 (KB 2885694) http://blogs.technet.com/b/wsus/archive/2013/10/08/enabling-a-more-predictable-windows-update-experience-for-windows-8-and-windows-server-2012-kb-2885694.aspx
Jim Collins Senior Support Escalation Engineer Microsoft Commercial Technical Support
Hello everyone! I am writing today to raise awareness of an issue that we have come across recently. I was working on a case with a customer where Server Manager in Windows Server 2012 would crash when he selected the Local Computer tab. While debugging the issue, we found that Server Manager was crashing when trying to display a bitmap image for the Local Computer icon. As we looked further into this, we found that when loading the bitmap image, it was trying to load a color profile in order to display the bitmap image properly. If you have ever worked with color profiles, you will recall that they are stored on disk under the Spooler folder, “C:\windows\System32\spool\drivers\color” and you can view them by loading Color Management from Control Panel, or from the Start screen just type “Color Management” and it will come up.
Figure 1: Color Management loading color profiles properly:
We have discovered that if the Print Spooler Service is stopped or disabled in Windows Server 2012 R2, the color profiles will not load properly and Color Management will be blank. If the color profiles are unable to load, then when Server Manager is trying to load them to display the bitmap icon, it returns a null and causes Server Manager to crash. This issue only seems to occur in Windows Server 2012 R2 and not Windows Server 2012.
Microsoft is aware of the issue and we will keep you posted here.