Kategorie: IT-New

My Windows 10/11 Setup

November 3, 2022 / AlterNomade / Keine Kommentare

This post describes how I typically set up and configure my Windows machines.

[compatibility issues with Windows on ARM are marked red]
See Using the Windows Dev Kit 2023 ARM Mini-PC as Office Computer

I am slowly migrating to Windows 11, see Windows 11 ist (noch?) nix für mich.

For details on Windows features and configuration, see Paul Thurrot’s Windows field guides:
– Windows 10 Field Guide
– Windows 11 Field Guide

My typical Windows and apps layout:

Dark theme
Dark solid color background
Window borders in accent color (where supported by app)
My favorite Office commands in Quick Access toolbar above ribbon
Outlook HubBar disabled for more horizontal space
My most uses apps pinned to taskbar
Greenshot tray icon always visible
‚This PC‘ pinned to desktop
Colored mouse pointer (here green)

Install Windows

[In case you are angry at Microsoft making it difficult to install Windows without using an MS account: One reason for this might be that on modern HW Windows by default encrypts the system partition with BitLocker. If one loses the BitLocker key, one will lose all data in case of problems where the key is needed. Thus, Windows automatically stores the BitLocker key in the MS account.]

Even though being German, I prefer English as display language because the UI texts are shorter, there are less translation errors and it is easier to search for help with English texts and error messages. Sadly MS and many app developers confuse display language with locale, often resulting in apps with German UI even though I intended English.

Windows display language: English
Region: German
Keyboard: German
Add German language via language settings for proofing tools

Set up a sign-in PIN. This is safer than always using your password.
In addition, I configure a fingerprint if the machine supports this.

Update Software to the newest version:

Force Windows updates
While in Windows Update enable:
- Get Windows updates as soon as they are available
- Receive updates for other Microsoft products
Force Windows Store apps updates
Install PC maker’s updates via their tool, e.g. via Lenovo Vantage

Configure a backup tool
~~I don’t use File History because it does not support Boxcryptor encrypted files.~~ It looks like MS has deprecated File History (for OneDrive folder backup?).

Macrium Reflect
I use Macrium to
– backup system images (free version) and
– important files & folders (paid)
- Let Macrium create rescue boot entry
- password protect backups!
On ARM Macrium does not run
I use ‚Backup and Restore (Windows 7)‘
which is still available in Windows 11 (under Control Panel) or via the command wbAdmin, e.g.:
wbAdmin start backup -backupTarget:E: -include:C: -allCritical -quiet
Protect backups using Bitlocker on the external drive
- turn on BitLocker auto-unlock
- the drive can easily be unlocked other machines by simply entering the password (the long recovery key is needed only if one forgets the password)

Create a first backup to make it easy to revert to this point.

Create Windows system restore point
Might have to enable system restore first.
Create System partition image backup using backup tool
Create a recovery drive.
See Gute Elektronik und Zubehör for good USB-C/A Sticks.

Configure Windows

Dark mode for Windows and apps
Windows background: solid dark color
I consider background images distracting noise.
Taskbar alignment left
With a centered taskbar, pinned icons move when additional apps are opened. Left aligned looks nicer to me.
Show accent color on title bars and windows borders
Without colored borders I find it hard to distinguish between layered windows when using dark mode. Sadly the colored borders settings is currently ignored by MS Office and many older apps.
Additional clocks.
Add two additional clocks via ‚Date & Time, Additional Clock‘.
They will show in addition to the local time when pointing at the clock shown on the taskbar.
Set Taskbar Widgets setting ‚Show Announcements“ off.
This hopefully only shows weather info on the Taskbar.
Show most used apps: on (Win11 only)
Shows most used app at the top of All apps in the Start menu
Tighten admin security
This improves security and only costs rare additional confirmation prompts.
- User Account Control settings: ‚Always notify me‘
- Choose where to get apps: ‚Anywhere, but warn me before installing an app that’s not from the Microsoft Store‘
Set „If you’ve been away, when should Windows require you to sign in again?“ to 5 min.
Disable keyboard caps lock.
I rarely need caps lock, but often hit it accidentally. This is easy to reverse.
disable_caps_lock.zip
Enable Windows Voice typing launcher via CTRL-H, Settings.
Make Mouse pointer easier to locate
- Green color
  I use a different color for each machine to help distinguishing which machine I am on when remoting.
- Enable ‚Show location of pointer when I press the CTRL key‘
~~If the File Explorer OneDrive context menu with „Share“ or „View online“ is missing: Change the User Account Control policies to allow OneDrive context menus.~~ ~~To cumbersome to configure. I use OneDrive online to share.~~
With the Win11 March 2023 update the OneDrive menu items are available by default in the right-click context menu via „Show more options“ or via shift+right-click.
Enable Remote Desktop Connection (RDP) to new machine
I find it helpful to be able to remote into all my machines, e.g. for scenarios when they are running without peripherals connected or when they are not reacting to mouse and keyboard. Beware! If you did not RDP into a machine for a long time, it might refuse accepting the correct credentials. I try to prevent this by periodically running an app as admin on the remote machine, e.g. runas /u:MicrosoftAccount\[my account] cmd.exe
Enable Nearby Sharing
I currently don’t use this.
For a good explanation of all Windows file sharing methods, see A quick survey of legacy sharing features
Bitlocker
- Enable Bitlocker for all drives
  - On modern HW Bitlocker is automatically enabled for the system drive (without notifying the user) and the key is stored in the Windows account
  - If your backup tool does not support password protection: enable BitLocker for the removable backup drive too
- Backup Bitlocker Keys to
  - USB stick
  - Print to store in bank safe
  - Save to encrypted(!) cloud storage
  - Save to AD
    As my machines are connected to my work/school account BitLocker keys are saved to AD instead of my personal MS account. Because „Save… to AD…“ is not offered by the BitLocker control panel app is use PowerShell:
    - $BLV = Get-BitLockerVolume -MountPoint „D:“
    - BackupToAAD-BitLockerKeyProtector -MountPoint „D:“ -KeyProtectorId (($BLV.KeyProtector | where {$_.KeyProtectorType -eq „RecoveryPassword“}).KeyProtectorId)
Storage Sense
Maybe change run ‚During low free disk space“ to „monthly“.
Import all EFS-Certificates
I have lots from many machines. Some with v10+ years old certs.
Enable Windows long paths
To enable long file paths in Windows, open Registry Editor, create a new DWORD named „LongPathsEnabled“ in „HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem“ and set the value to 1.
Turn on the Diagnostic Data Viewer under ‚Diagnostics & feedback“
- Install the Diagnostic Data Viewer app from the Microsoft Store

File Explorer options

Compact view
Single-click to open an item
I am quicker with single-click. One only has to master selecting multiple files with single-click enabled.
Deselect ‚Hide extensions of known file types‘
~~Deselect ‚Hide protected operating system files‘~~
Always showing protected OS files is no longer helpful since after Windows XP.

Install Apps

[ToDo: try using the winget installer. It seems to offer most of my apps

winGet upgrade –include-unknown
Lists all apps with available updates
winget upgrade –all
Installs all updates
or use the UI
Install via winget install wingetui
Includes an auto updater

]

Windows apps

MS Office apps
- Outlook
  - Add all my email accounts
    Next time I will try to add all my email accounts via importing a registry tree export from an existing PC under:
    HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles
  - Set download from the past‘ to ‚all‘
    sometime one has to force OL to actually download all by navigating to the last email
  - Diable „Screen Tips“, via File, Options, General.
  - Restore Outlook signatures
    Sadly signatures don’t sync automatically between installations.
    I simply store them in a .txt file because I need them in different email clients.
    Alternatively Outlook signatures can be backed up and restored from:
    C:\Users\<username>\AppData\Roaming\Microsoft\Signatures
  - ~~Configure secure email using an S/MIME certificate~~
    I gave up on email encryption because none of my contacts were interested, including businesses (as I still was working for a SW house – how incredibly stupid!)
  - Check if Outlook uses Windows indexing, via Outlook, File, Options, Search, Indexing Options. Note! the options Window here show Windows indexing setting more complete are readable than Windows Settings, Indexing options: e.g. Outlook, OneNote, … instead of cryptic mapi16//… names.
- Word
  - Create signature image Quick Part to sign Word documents
    - Insert image into a document
    - Select image, got to Insert, Quick Pars, save selection to Quick Parts gallery
- Exel
- Powerpoint
Windows Mail
- Add my Microsoft 365 email account only
  For mail and calendar Live Tiles in Win 10. And As fallback in case Outlook hangs.
  The Win11 Outlook Calendar Widget does not work for me (June 2023)
MS To Do
- Connect to my Microsoft 365
  This automatically syncs Outlook tasks with To Do
OneDrive Personal and For Business
For a good description of OneDrive features, see Get to know OneDrive in Windows 11
- Disable File Collaboration.
  I don’t work concurrently on Office docs on different PCs.
  Maybe that makes OneDrive faster and more robust.
- Configure OneDrive Folder Backup for Documents and Pictures.
  Configure Folder Backup for Desktop on one PC only! Otherwise OneDrive will create a merged mess of the desktops of several PCs.
- Change the location of the Music folder to my OneDrive Music folder via properties, Location.
- Add my OneDrive Camera Roll folder to File Explorer Quick Access – this is where OneDrive Android backs up my phone’s photos redundantly to Google Drive (one must configure this manually in OneDrive for Android via Me, Settings)..
- Configure offline use.
  I select offline use for my desktop machines, and files on-demand for my mobile machines, marking some folders with ‚Always keep on this device‘. The 200GB local storage space required in my case does not bother me.
- Sadly OneDrive for Business syncs quite slowly (the Personal version is a litte quicker)- sometimes it takes several days to download my 170GB – which is especially annoying because during this phase required files don’t downloading on-demand.
- OneDrive for business has annoying restrictions for path length and file and folder names. This stems from its underlying implementation (Sharepoint). I found out the hard way when migrating from OneDrive personal to business. This is totally unacceptable and MS should have changed their implementation long ago.
OneNote
One of my favorite features of OneNote is that it automatically inserts a link to the source URL when pasting a snippet from the web.
- Add from Windows store for auto updates
  Since Oct 2022 the store delivers the desktop version
  which is the version MS will support in the future.
Skype
In addition to the standard Skype functionality I have a Skype number (Skype Festnetz Telefonnummer) and use Skype to Phone (to cheaply call any phone number anywhere in the World) using Skype credit (no monthly plan).
- Configure microphone and cam
Phone Link
- Add PC to the Android „Link to Windows“ app

Windows Sandbox
- Enable the Windows feature „Sandbox“
  Is very slow on ARM.
- I automatically install Brave via a .wsb config file using the RuckZuck installer. For more Sandbox config options see Start Windows Sandbox With Preinstalled Apps

MS Office settings. For apps Outlook, Excel, Word, PowerPoint, OneNote:

Show Quick Access toolbar above the Ribbon
Import my app-specific Quick Access toolbar icons
Office Quick Access Toolbar Icons .zip
Outlook: disable the HubBar
I often use Outlook on a monitor in portrait mode and HubBar needlessly wastes precious horizontal space. Under
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\ExperimentEcs\Overrides\ create a new string value Microsoft.Office.Outlook.Hub.HubBar and set it to false
Make Firefox the browser to open with web links in Outlook via setting
File>Office Account>Advanced>File and brwoser preference to „Default Browser“.
OneNote
Beware! When opening notebooks, multiple versions may exists in different network locations. I always make a change to a notebook on a machine which is currently in use to verify if this change propagates to the notebook opened on the new machine.
- Force a OneNote backup

Other Apps (manual install)

Boxcryptor
I consider zero-knowledge encryption of cloud data a must-have, see Thoughts and Experiments on Cloud Encryption and Datenschutz (Ende-zu-Ende Verschlüsselung, …)
To include decrypted Boxcryptor files in Windows indexing ‚Enable Windows search‘ in Boxcryptor advanced settings and add the drive x: to Windows indexing.
In Nov 2022 BoxCryptor was sold to Dropbox. I don’t know if and when Dropbox will offer good and safe E2EE encryption. The alternative Cryptomator does not support Windows on ARM. I moved to Tresorit, which works better than the Boxcryptor/OneDrive combo I used on Intel.
I don’t use OneDrive Vault: It offers no E2EE. Backup tools cannot backup Vault files. Vault was unstable in my tests.
Tresorit
For end-to-end encrypted storage of privates files in the cloud.
1Password
A password manager is a must.
For 2FA is use the MS Authenticator Android app. Currently I am evaluating using 1PWD for 2FA too.
Many common assumptions about good password are wrong.
See Toward better Master Passwords.
Macrium Reflect
to backup system images (free) and important files
- password protect backups
- !Macrium cannot backup the Tresorit drive
  Baching up the synced folders works fine
- on ARM systems (like the Windows Dev Kit)
  Macrium does not work. I fall back to ‚Backup and Restore (Windows 7)‘ for image backups, which is still available in Windows 11 (under Control Panel).
Portfolio Performance
Kindle for PC app
While reading is way better on a Kindle ePaper reader I prefer the PC app or cloud reader if I need to search a lot or jump around in books – as one typically does with technical books.
Oscar
To analyze my sleep apnea data from my APAP machine
Adobe Acrobat XI Standard
The license came with my iX500 Scanner
To edit and sign PDFs with a signature image
- Configure signature picture to sign PDFs
AusweisApp2
For authentication with my German identity card.
Works fine with the Android AusweisApp2 and a phone as ID card reader.
cyberjack RFID standard USB smart card driver and tools
Balsamic Mockups
To design UIs
Markdown Monster
~~Veracypt~~
don’t need this any longer
MS Powertoys
I only use:
- „Awake“ to conveniently prevent the PC from shutting down
  when running lengthy operations
- Image Resizer
  when I want to forward images
- T (Win+Shift+T) Extractor
  to extract text from images
Sysinternals Suite
There is an ARM version!

Private Internet Access (VPN)
Brother printer tools
Will never buy HP printers again because several times they stopped supporting new Windows versions.
Fujitsu iX500 Scanner driver and tools

Other Apps (Ninite install)

Ninite is very handy to install common apps and automatically keep them updated.
I am using this for years: reliable, minimal UI – highly recommended!
The initial Ninite install is free (without any registration). The Ninite Updater costs $10/y.
For alternative installers see Start Windows Sandbox With Preinstalled Apps.

Firefox
- Enable sync
- Add add-ons
  See Recherchieren – Warum, Wie und Womit
Chrome
Greenshot
Is free and good.
Always show tray icon on taskbar.
FileZilla
Export / import its settings
Notepad++
VLC
7-Zip
~~Dropbox~~
I no longer use this

Web Browsers

Set Firefox as default web browser, configured for research
see Recherchieren – Warum, Wie und Womit
Brave and Chrome as alternative options
Edge is installed by default
Enable HTTPS-only mode in every browser
Set preferred language for search results to english for each search engine, e.g. on https://www.google.com/preferences

My Firefox customizations with website in reading mode

Virus scanners, Windows optimizers

I don’t install any 3rd party virus scanners, the built-in Windows Defender is sufficient for me.

One can install the new MS PC Manager – while it seems to offer no new functionality to Windows it makes it easier to perform Windows healthcare by offering existing features in one place. Beware that Windows defender reports PC Manager as „another antivirus program“!

Generally I never use any optimizers or driver tools. I do however use the driver updater from notebook vendors like Lenovo Vantage – I do not use their optimizers.

Clean Windows

For minimal Windows VMs I sometimes use the Debloat Windows PowerShell scripts by Chris Titus. Alternatively, one could modify the Windows setup to only install the wanted features and apps using the MSMG ToolKit.

Uninstall unwanted Apps.
Windows 11 is less stubborn here and allows to easily uninstall more unwanted stuff.

Remove unwanted shortcuts.

Disable unwanted Windows startup entries.

To free drive space from unneeded files (especially very large ones) I use the built-in Disk cleanup, File Explorer (search for *.* and order by size), Microsoft’s PC Manager and WinDirStat or WizTree.

Create App Shortcuts

Pin frequently used apps to taskbar

Add frequently used web sites to desktop

Resize desktop icons (depending on monitor resolution) by selecting all via CTRL+A and CTRL+/-MouseWheel

Final Backup

Create ‚config completed‘ backups to make it easy to revert to this point.

Create Windows system restore point
Create System partition image backup using backup tool
Backup BitLocker recovery keys:
- Print to store in bank safe
- Save to USB-Stick and encrypted(!) cloud storage

Store the Windows product key in 1Password
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\BackupProductKeyDefault

Windows 10 vs. Windows 11

With Win11 I miss Win10 Live Tiles. Was using a full start screen with large Live Tiles for Mail, Calendar, 5 MS Weather tiles for different locations I like to travel to, 3 MS To Do lists and 3 MS Money medium tiles for funds and currencies I am interested in. I don’t get the rationale behind those Win11 widgets: no full screen, no multiple instances and these pesky clickbait news stories which you cannot get configured away, however hard you try [Jan 2023: getting rid of the clickbait cards is slowly improving].

I like the new windows snap layouts in Windows 11. Snapping a Window can be initiated by moving it to the screen edges or by hovering over (not clicking!) the Windows maximize button.

With single monitor setups I frequently use the multiple desktops feature:

Using the Windows Dev Kit 2023 ARM Mini-PC as Office Computer

Oktober 28, 2022 / AlterNomade / 3 Kommentare

This post describes my experience using the Windows Dev Kit 2023 ARM Mini PC as my office computer. This is not the usage scenario intended by MS, but I wanted to see how the little ARM machine fares as an office PC before using it for my app development.

The Sept 2023 firmware update improved graphics stability. This did not solve my graphic and sound problems completely but made them bearable.

[compatibility issues are marked red]

Microsoft Learn: Detailled infos about the Dev Kit 2023 from Microsoft

Main specs:

CPU: Snapdragon 8cx Gen 3
notebookcheck: Qualcomm Snapdragon® 8cx Gen 3
Qualcomm: Snapdragon 8cx Gen 3 Compute Platform
AnandTech: Qualcomm’s 8cx Gen2 for Notebooks, Nuvia Corfe in 2022/2023
GPU: Qualcomm Adreno 690
60Hz via USV-C at 3840×2560
50Hz via mini DP at 3840×2560
NPU to accelerate AI/ML workloads
See Surface Pro 9 Hands-on NPU based Windows experience
(Automatic Framing, Portrait Blur, Eye Contact, Voice Focus)
32GB LPDDR4x RAM
KIOXIA BG4A 512GB NVMe SSD, M.2 2230 form factor
Might upgrade to a 1TB fast Sabrent 2230 M.2 NVMe Gen 4 when it is available at an acceptable price. It looks like Gen 4 drives are compatible:
- Surface Pro 9 SSD Upgrade
- Best practices for SSD removal from compatible Surface devices
2x USB-C USB3.2 Gen 2, 4 lane x 8.1 Gbps/lane
3x USB-A USB3.2 Gen 2
Mini-DisplayPort
Ethernet Port (RJ45), 1GbE
Wi-Fi 6, Bluetooth 5.1
196 mm x 152 mm x 27.6 mm, stackable
Windows 11 Pro
Power consumption: 5 to 28W
700€

Start-up times:

With fast start-up off: 25s
Time until login sound. As normal with Windows, after login it takes a while for the PC to be fully usable.
With fast start-up on: 23s
Wake from sleep: 1 to 3s

Crystal Diskmark

SSD speed after several weeks of usage, 75% full:

Arm-native dev tools:

IDEs
- VS Code (Available now)
- Visual Studio 2022 (now in preview, will be available by end of year 2022)
Tools
- WinDBG
- Git
Libraries
- VC++ Runtime Libraries (Now in preview)
- Many OSS libraries are and will be ported to natively target Arm64
Runtimes & Frameworks
- .NET 6 (Available now)
- .NET 7 (Now in preview, will be available by end of year 2022)
- OpenJDK Java (Available now)
- Python, Node JS (Porting underway)
- CLANG/LLVM, GCC (Porting underway)
Cloud services
- Azure Arm VMs (Available now)
- Stand-alone Runner Agent (Details coming late summer 2022)
- GitHub & Azure DevOps cloud hosted CI/CD (Details to follow)

More Info:

Windows Dev Kit 2023 update history
A critical review: Microsoft Made an Arm-based Mac mini
„…The Dev Kit uses more energy to do half the work of a Mac mini…“
Android Authority: What is Windows on Arm? Everything you need to know
Petri: Windows on Arm – Does Project Volterra Solve the Performance Problem?
For UEFI screenshots see: Project Volterra – ARM Desktop
To boot into UEFI a monitor must be connected via the mini DP port.
reddit :
- Surface Pro X forum
- Microsoft Windows on ARM
PCWorld: Microsoft Surface Pro 9 (5G) review: An Arm tablet actually worth buying. Includes some performance tests with the Dev Kit’s CPU.
reddit: Reviews of the Surface Pro 9 are out
Volterra First Look | Windows Dev Kit 2023 Tests
Testing „Volterra“ — Microsoft’s Windows Dev Kit 2023 ARM PC
Windows Dev Kit 2023 as HTPC [Media PC on Windows ARM Processor]
Heise.de: Mini-PC mit ARM-CPU: Microsoft Windows Dev Kit 2023 für Entwickler

Image source: Jeff Geerling Testing Microsoft’s Windows Dev Kit 2023

I bought my Dev Kit PC in the German MS Store. It was delivered within two days.
When ordering, one must accept a no refund policy. I doubt this is legally binding with German online shopping consumer rights, but one should expect difficulties, when trying to return the machine.

The Dev Kit PC comes with a 2 year warranty. For hardware or warranty support you can create a support request on the Support for business services hub page.

You can order a replacement for a defective device via your MS account under Devices.

My setup experience

The Dev Kit PC comes without any user manual. There is only a leaflet describing the buttons and ports – with a link for more detailed information at Microsoft Learn: aka.ms/arm-dev-kit-tools. This is totally sufficient for me.

Windows 11 Pro and Office Apps are preinstalled.

The display on my monitor was garbled when connected via a mini DP to DP cable, but readable enough to go through the Windows configuration. I later switched to a passive mini-DP to HDMI(*) cable and then to USB-C. Windows setup might also work with a monitor connected via USB-C, but it will take about 25s before anything is visible.

Completing the basic Windows setup was quick and easy. For my complete typical Windows setup, see My Windows 10/11 Setup.

To be able to completely reset the PC in the future I made a copy of the Windows serial number, see ‚System, about‘. If needed, a Windows recovery image for the Dev Kit PC can be obtained here: https://support.microsoft.com/en-us/surface-recovery-image. Don’t select a product there! Only enter the Windows serial number.

Here my office workplace with the Dev Kit ARM Mini-PC in the back, standing upright in the back – I hope this positioning does not cause thermal problems:

My current home office setup with the Windows Dev Kit ARM Mini-PC

Her my current office workplace with a Huawei Huawei MateView 28″ 3:2 3840×2560 164 PPI monitor.

My single monitor workplace with the beautiful Huawei Huawei MateView 28 monitor.

The incredible amount of cables I removed when switching to the Dev Kit PC unplugging my old tower PC – only connecting to it via RDP now:

Compatibility

Boxcryptor(*) works fine. This is a pleasant surprise, as I consider zero-knowledge encryption of cloud data a must-have, see Thoughts and Experiments on Cloud Encryption and Datenschutz (Ende-zu-Ende Verschlüsselung, …). Boxcryptor installed and configured without any hitches. Even Windows indexing of the (decrypted) x: drive works – after setting ‚Enable Windows search‘ in Boxcryptor advanced settings and adding x: to Windows indexing. [In Nov 2022 BoxCryptor was sold to Dropbox. I don’t know if and when Dropbox will offer good and safe E2EE encryption. The alternative Cryptomator does not support Windows on ARM.] For E2EE private files in the cloud I moved to Tresorit which works fine on ARM .

My Brother HL L2340DW printer(*) was detected via WiFi and works without installing any drivers – albeit printing is very slow because of long pauses between pages. As a workaround I print long documents from my smartphone.

~~Inserting files as printout is not supported in OneNote for desktop.~~ Fixed with Windows Sept. 2023 update KB5030310.

The Logitech X300 wireless speaker(*) and my old Microsoft LifeCam Cinema(*), including their microphones, work fine without installing any drivers.

The external Thinkpad keyboard(*) and MS compact mouse(*) work fine. They are connected to the USB-Hub of the Samsung Monitor. I use a Thinkpad keyboard to make switching between my desktop and Thinkpad notebook easier.

The simple and cheap Inateck USB C 7-port Hub(*) works fine.

Firefox, my preferred web browser for researching stuff (see Recherchieren – Warum, Wie und Womit), works fine with the newest updates after some initial hiccups. All my FF add-ons work fine too.

Windows Sandbox works, but its Performance barely acceptable and unpredictable. I experience frequent hangs when web browsing, which can only be fixed by restarting Sandbox.

Casting audio and video to my Google Home devices including my Panasonic TV works fine using Chrome and Edge browsers.

Portfolio Performance works fine. This is a Java app!

AusweisApp2 (App to authenticate using the German identity card) works fine.

cyberjack RFID standard USB smart card reader works fine after installing its ARM drivers.

Sysinternals Suite works fine. There is an ARM version! Did not try all tools.

Macrium Reflect refuses to install with an ARM CPU.

OSCAR, a tool to analyze data from sleep apnoea devices refuses to install with an ARM CPU.

Backup workarounds:

To create a backup image of my Windows configuration I use the built-in Windows Tool WBAdmin:
wbAdmin start backup -backupTarget:E: -include:C: -allCritical -quiet
This backup can be restored via restarting from within Windows via
System > Recovery > Advanded startup
or by booting from a Windows recovery drive.
Then select:
Troubleshoot > Advanced options > See more advanced options > System Image Recovery
My Windows system drive C: and my backup drive E: are Bitlocker encrypted System Image Recovery asks for both Recovery Keys – even for the backup drive, which is encrypted via Bitlocker To Go, it wants the key not the password!
I have not tried an actual restore yet – but at least Image Recovery finds the image backup.
BTW: Even from image backups one can restore single files: simply mount the image VHD file via Disk Management.
As an alternative I bought an external NVMe Enclosure(*) to clone my Dev Kit SSD using an Intel machine. Have not tried this yet
I am evaluating Zinstall FullBack. FullBack does not use disk imaging/cloning, but might be just what I need: a local, encrypted and ransomware protected backup allowing to restore my files and Windows settings to previous states.
I do not trust EaseUS.

My preferred VPN Private Internet Access does not support Windows on ARM. For my desktop PC this is not so important.

Could not get my ScanSnap iX500(*) Scanner to work with Windows 11 ARM. The SW does install fine, but does not recognize the scanner via USB or WiFi. Sadly it also does not work with Hamrick’s VueScan . As a workaround I configured a WiFi connection to the Scanner with an Intel machine and use it with the ScanSnap Android app on my Pixel phone or connected via USB to my Intel notebook.

I assume that most utilities and drivers for Scanner and (multi-function) printers that implement configuration options and features will not work until the makers supply ARM drivers.

Problems

The NPU based experiences „Studio effects“ (Automatic Framing, Portrait Blur, Eye Contact, Voice Focus) are not available on my Dev Kit PC using Windows 11 version 22621.1485. I did not find any info they should be available or if there are any prerequisites.

May 7, 2023: Currently one cannot re-install the ARM version of OneDrive because MS does not offer a download. A OneDrive reset messed up its settings, no longer allowing to add both my Personal and Business Account. Because MS offers no download of the ARM version, I am using the 32-bit x86 version now.

Printing to my Brother HL L2340DW(*) is very slow – there is a long pause between pages. On Win10 Intel it prints fast without pauses between pages. The ‚Start printing immediately‘ setting is not the problem, as I use this on all my installations. Win11 ARM currently supports this printer only via WiFi not via USB.

All my three different monitor models do not work properly, especially when connected via the mini DP port.

The Samsung S27A850D display is garbled with many DP cables. I tried four different mini DP to DP cables. This passive mini-DP to HDMI(*) cable and this active mini DP to HDMI adapter(*) works best.

Garbled display when monitor connected via mini DP

My new Huawei MateView 28 monitor works with the above-mentioned passive mini-DP to HDMI cable, but because of HDMI limitations mouse and keyboard do not work with the monitor’s USB ports and the refresh rate is limited to 50Hz, which does not bother me.

All my monitors frequently turn off/on, which can sometimes only be fixed by hard rebooting the PC.

Windows Sandbox crashes when maximizing its Window. This is 100% reproducible. Might be related to the uncommon resolution 3840×2560 of my MateView 28 monitor.

~~All my monitors sometimes got to sleep while I am working. The only fix is restarting the Dev Kit PC remotely or unplugging the power.~~ Fixes with June 2023 firmware update.

Firefox frequently hangs with a display driver restart. To fix I had to kill Firefox – sometimes only a Windows restart helped. This has gotten better: currently FF recovers automatically after some seconds.
MS business support case#: 2303061420000492
Bugzilla Bug 1798465

My monitor’s built-in speaker frequently stops working. This only occurs when connected via USB-C not when connected via miniDP.

~~The Dev Kit PC sporadically looses the WiFi connection to my Brother printer.~~ Solved: This was not a connection problem. Somehow the paper size in Windows printer settings was set to letter instead of A4, even though in Windows setup I selected Germany as locale.

I did not find a good solution for scanning. Simply using MS Lens on my phone is not a good option, because I like the multi-page scanning and quality of the iX500. Currently I use the ScanSnap app on my Pixel phone or my scanner connted to my Intel notebook.

The Dev Kit PC does not charge via USB-C.

I experience Windows Hardware errors about every 3 days. The event log shows Windows desktop manager restarts followed by display driver resets at these times. Changing ports and cables did not help. This may be a Windows hardware or display driver problem or a Firefox bug. The MS diagnostics toolkit does not run on the Dev Kit PC, even thought it supports the Surface 9 ARM with the same hardware. Here the reliability monitor status of my current machines:

~~I had a few File Explorer crashes~~. No longer happens.

Sporadically after wake from sleep my monitor resolution is not detected properly (instead of 3840×2560 something like VGA seems to be used). This can only be fixed by hard rebooting the PC.

Wishes

USB-C charging, Thunderbolt 4 ports. For the reasoning behind using standard USB-C ports see Microsoft Surface Pro 9 (5G) review: An Arm tablet actually worth buying.

Status feedback via LED blinking when booting the Dev Kit PC: After pressing the power button the white LED turns on and then there is no additional feedback until the Windows Start screen shows. Especially with monitor problems one does not know what is going on.

~~MS should document the mini DP special cabling requirements.~~
They do now. But this does not solve the mini DP port problems.

Résumé

For me personally, the Dev Kit Mini-PC currently is the perfect office desktop PC, especially from a value for money perspective. It just came at the right time, as I am currently downsizing to a more minimalistic lifestyle: smaller apartment, less and simpler hardware and less and simpler travel gear.

The Dev Kit Mini-PC is surprisingly small – which I really like. The performance is totally sufficient for all my office tasks. I never play games or do video editing, thus I know nothing about performance and app compatibility in these areas.

This is the quietest PC (Desktop or Notebook) I ever had. The fan usually does not run at all and when it runs, there is just a little low-frequency hum – not the high-frequency hissing noise of notebooks. I assume the fan only exists to prevent throttling. I did not experience any coil whine.

In contrast to my old desktop PC with the Dev Kit PC when waking up my Outlook inbox is immediately up-to-date and Windows updates are installed. I assume this comes from supporting the sleep state „Standby (S0 Low Power Idle) Network Connected“ and Windows Modern Standby. My 4y old Thinkpad X1 Tablet notebook supports this too.

I cannot generally recommend it for office use because of the questionable future of Windows on ARM (considering the developments by AMD and Intel), the display port problems and missing drivers for peripherals like printers or scanners. I don’t see any benefits of the ARM versions that are convincing for „normal“ users: yes, a little longer battery life, maybe a quieter machine, but still no real instant-on (MS does advertise this feature, but the Dev Kit PC does not work instantly as a smartphone does). I don’t understand the rationale behind the Dev Kit PC as a device to test ARM apps. Devs want to test their apps in an environment the users work in, which for ARM devices means a mobile, device with a directly attached touch screen, running on battery – none of which the Dev Kit PC offers.

However, my past assumptions about the success of technologies were often completely wrong – even in SW development, my field of expertise. E.g. I did bet on the Windows Phone and UWP and many years ago on the BiiN fault tolerant computer, jointly developed by Intel and Siemens.

[ *) This post contains affiliate links]

Start Windows Sandbox with Preinstalled Apps

August 22, 2022 / AlterNomade / Keine Kommentare

Windows Sandbox is a standard Windows feature, providing a lightweight desktop environment (Windows virtual machine) to safely run applications in isolation. In a Sandbox you can safely test apps or browse „unsafe“ websites. In contrast to „normal“ VMs Sandbox starts quickly, e.g starting Sandbox and installing Firefox takes less than 30 sec on my notebook.

Windows Sandbox comes preinstalled with Windows. One must only manually enable it via „Turn Windows Features on or off“.

One of the main features of Windows Sandbox is that it erases all state when closing. While this ensures not leaving any traces on your host machine, I find it cumbersome having to install commonly used apps every time I start a Sandbox.

To automatically install apps when starting Sandbox, I use the <LogonCommand> of a Windows Sandbox configuration file to run installers at Sandbox startup.

Sample .wsb file, installers and links Download

[ToDo: Experiment with the winget installer]

Using Ninite Installer

The free Ninite installer is the fastest installer option and provides unobstrusive status info with a Sandbox LogonCommand and :

[BTW, I am using the paid Ninite Updater on my Windows machines to keep apps automatically updated. I especially like its minimalistic UX and installing most of my apps on a new machine with a single command.]

Select the apps you want on the Ninite website
Download the configured installer
Make the installer available in Sandbox
1. Set <HostFolder> to the folder containing the installer
2. <SandboxFolder> defaults to Desktop!
Set the installer to run via <LogonCommand>
Simply run the .wsb file to start Sanbox and install your apps

The following .wsb file starts Sandbox and automatically installs Firefox and 7-ZIP via Ninite. It gives the Sandbox 6GB RAM too.

<Configuration>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\Tools\SandboxConfig</HostFolder>
      <SandboxFolder></SandboxFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <LogonCommand>  
		<Command>"C:\users\WDAGUtilityAccount\Desktop\SandboxConfig\Ninite 7Zip Firefox Installer.exe"</Command>
  </LogonCommand>
  <MemoryInMB>6144</MemoryInMB>
</Configuration>

Ninite status info while installing apps in Windows Sandbox

Using RuckZuck Installer

If Ninite does not offer the apps you need, the RuckZuck installer might do, see the RuckZuck app catalog.

The following .wsb LogonCommand uses RZGet to install Brave and 7-Zip:

 <Command>C:\users\WDAGUtilityAccount\Desktop\SandboxConfig\RZGet.exe install /verbose "Brave" "7-Zip"</Command>

Using Chocolatkey Installer and PowerShell Script

If you need more install features or more control, you can run Chocolatkey via a PowerShell script as LogonCommand.
Doing More with Windows Sandbox describes a complex Sandbox configuration using PowerShell.
To install Chocolatkey via Powershell use:

Set-ExecutionPolicy Bypass -Scope Process -Force
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))

By default Windows Sandbox does not allow PowerShell scripts to run. My scripts do not disable this restriction generally, they only bypass it for their execution.

To force showing the PowerShell output of the Sandbox LogonCommand I start a PowerShell from within PowerShell [found no cleaner solution].

.wsb file starting a PowerShell script:

<Configuration>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>C:\Tools\SandboxConfig</HostFolder>
      <SandboxFolder></SandboxFolder>
      <ReadOnly>false</ReadOnly>
    </MappedFolder>
  </MappedFolders>
  <LogonCommand>    
		<Command>powershell -executionpolicy bypass -command "start powershell {-noexit -file C:\Users\WDAGUtilityAccount\Desktop\SandboxConfig\InstallChocoAndApps.ps1}"</Command>
  </LogonCommand>
  <MemoryInMB>6144</MemoryInMB>
</Configuration>

PowerShell script installing Chocolatkey and apps:

Set-ExecutionPolicy Bypass -Scope Process -Force

$ElapsedTime = [System.Diagnostics.Stopwatch]::StartNew()

[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))

choco feature enable -n=allowGlobalConfirmation

choco install brave
choco install firefox 
choco install 7zip 

Write-Host "Elapsed Time: $($ElapsedTime.Elapsed.ToString())"

Exit