Archive for January 14th, 2015

Microsoft strikes again… I should think about OneDrive and how Microsoft handles my data. (Updated)

Wednesday, January 14th, 2015


Are you using OneDrive by Microsoft? A new case in Germany demonstrates how secure OneDrive is…

I really like OneDrive and also Google Drive; maybe you are using them too to store photos and other data. For OneDrive I now have a very bad feeling and I hope Microsoft can clarify this.

What happens?

Microsoft seems to perform a scan of every file uploaded to your private OneDrive account; all these files seem to be verified against a hash database and/or something similar. So if you’ve uploaded a file with the same hash as a child pornography picture, you are in trouble? According to the reports, US law enforcement agencies will be informed about this and they will inform the law enforcement agencies in your country. A German OneDrive customer got a visit from the German police in this case.

A lot of questions… You have a daughter or a son and use OneDrive with the automatic photo sync feature… Bad luck if you sync a beach picture to your private picture folder? You upload an image that fits forbidden content in the US to your private OneDrive area? Bad luck? Your children use their own mobile and sync content to an account related to your Office365 account… Bad luck? Someone hacked your account and uploaded “Bomb plans” to your private folder? Bad luck, you’re now in a US terrorist database by accident?

Microsoft is fighting for user rights, but it seems that Microsoft ignores these rights at the same time… Crazy? What about foreign law? Microsoft, can you please make this a little bit more transparent for customers, incl. company customers? What happens if the OneDrive user is related to a company?

All reports related to this are currently in German, but you can translate them with Google Translate or similar.

Report 1 Report 2 Report 3 and if you search for it you will find a lot more.

Update: Here is the link to the original blog by the German lawyer Udo Vetter

If Microsoft believes that this will create any trust among customers in Europe, they are wrong; companies and also private customers (like myself) really don’t like someone who scans files “in general” and just reports this to any foreign law enforcement agency or whoever. It’s also not important whether the file was child pornography (or whatever someone I don’t know at Microsoft/any unknown US guy defines to be “forbidden” or to be content of “interest”)… The fact that private files are scanned by default and without any suspicion of a crime is the issue.

I really hope for Microsoft that they will provide a very detailed statement for the general file handling with OneDrive.

…and don’t misunderstand me, I don’t want to protect any crime, but how would you like it if someone from a foreign company came into your house without any reason or point of suspicion and verified every private item in your house, and you don’t know what they’re doing with it? People can sell the biggest “piece of sh*t” as long as they tell you it’s for law enforcement or to fight terrorism. Huh… “We only will watch the bad guys but not you..”, do you really believe it? Do you feel better if you think “Heh.. They will watch only the bad guys!”? Did you ask “Who is the guy that got unlimited access to my files?” and do you know what they’re doing with it at the end of the day? The truth is, the only things they sell are fear, hate and doubt.

Update: And if you believe you do nothing wrong and you have nothing to fear… In the year 2013, 150 Million Adobe accounts were hacked, and this is only one figure. Also, there is a clear difference between publicly available content and private content; for example, DropBox is known to scan files for copyright-protected material, but… If I offer a copyright-protected file as public content and the file is scanned, that’s fine, but if I am a legal owner of this file and I put it into my “private” file area, is this file now also scanned, or will someone else be informed that I committed a “license” violation? Why? Where do file hosters inform users in detail what they’re doing with the data or not… To be honest… I’ve no clue, and trust looks different.

If you are a European company and you want to host files in the cloud, then place them in your own datacenter/your private cloud or with a hosting company located in your area, where you know the law and how this law protects your data, incl. the people working for this company. Do the same for any servers hosting confidential data; this is currently the only advice I can provide to a customer. News like this is really a killer for any “public” cloud offering like OneDrive, Office365 and Azure.



P.S.: This might also work for Google Drive or any other cloud storage provider in the US, but for OneDrive we’ve now a concrete case. The article is also written in a rainbow press style related to the content… How to tell someone that the way how it works is wrong in a more polite way?

Tip: Running out of storage? Slim down Windows 8.x and Windows Server 2012 R2 HDD use Part 2

Wednesday, January 14th, 2015

Hi Folks,

this is the second part of our “Slim down Windows 8.x and Windows Server 2012 R2 HDD use” series, the first part can be found here: Slim down Windows 8.x and Windows Server 2012 R2 HDD use Part 1

In this part we will take a closer look at Windows Server 2012 R2, incl. virtual Windows OSes running on Hyper-V, which is also available with Windows 8.1 Pro and Enterprise.


1) Compress VHD(x) files (in the right way)

You are using virtual Windows systems together with the Hyper-V role or VHD boot to have multiple Windows systems available on a PC/server?
VHDs are available in different types; one is the dynamic mode, and this is very commonly used. Why? If you create a VHD with a size of 80GB in dynamic mode, the VHD file size will be only a few MB. The VHD will increase in size every time you add data to it and will grow at most to the defined size (in this case 80GB). But what will happen to the VHD if you remove content from it? Will the VHD size decrease? No… You need to run a compression to perform this task, and most users or administrators use the compression offered in the Hyper-V console. Is this a problem? From my point of view, yes… In the Hyper-V console you can only run the compression for 1 VHD at a time and you have to repeat this for other VHDs; boring, right? Do you know that there are different compression types available? No? Of course most people don’t know this, because the Hyper-V console doesn’t offer any compression type selection and the “default” compression is not the most efficient one.

So what do we want to do… A simple command or script to compress all VHD or VHDX files in a folder with the best possible compression to gain the most possible free disk space. Here it is…

Attention: If you are using VHD(x) boot, do not use it on the boot VHD currently in use; it will also not work for running VMs and VHD(x) files that are currently in use.

Command (Powershell, 1st line for VHDX and 2nd for VHD files):

Get-VHD *.vhdx | where {$_.VhdType -eq "Dynamic"} | Optimize-VHD -mode full

Get-VHD *.vhd | where {$_.VhdType -eq "Dynamic"} | Optimize-VHD -mode full

Supported by Microsoft: Yes
Require Administrator Permission: Yes
Produced space on HDD: Depends on VHD(x) use
Can be used with WIM boot installation: Yes
Disadvantage: An installed Hyper-V role is required to run the command; it will not work for VHD(x) files used by running VMs. Never use it for a VHD(x) with existing snapshots or for VHD(x) files that work as parent disk for one or more differencing disks (see 2.).
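
The restrictions listed above (dynamic disks only, nothing attached, no snapshots, no parent disks) can be checked before anything is compacted. The script below is an added example, not part of the original post; the folder path is a hypothetical placeholder, and it assumes an elevated session on a host with the Hyper-V PowerShell module.

```powershell
#Requires -Modules Hyper-V
#Requires -RunAsAdministrator
# Added example, not from the original post. $Folder is a hypothetical path.
param([string]$Folder = 'D:\VHDs')

# 1) Collect the parent of every differencing/snapshot disk we can find:
#    files in $Folder (incl. .avhd/.avhdx) and every disk attached to a VM.
$seen  = @(Get-ChildItem -Path $Folder -File |
           Where-Object { $_.Extension -match '^\.a?vhdx?$' } |
           ForEach-Object { $_.FullName })
$seen += @(Get-VM | Get-VMHardDiskDrive | ForEach-Object { $_.Path })

$parents = @()
foreach ($p in $seen) {
    $d = Get-VHD -Path $p -ErrorAction SilentlyContinue
    while ($d -and $d.ParentPath) {            # walk the whole parent chain
        $parents += $d.ParentPath
        $d = Get-VHD -Path $d.ParentPath -ErrorAction SilentlyContinue
    }
}

# 2) Compact only the disks that pass every check named in the text above.
Get-ChildItem -Path $Folder -File |
    Where-Object { $_.Extension -match '^\.vhdx?$' } |
    ForEach-Object {
        $vhd  = Get-VHD -Path $_.FullName
        $skip = $null
        if ($parents -contains $vhd.Path) { $skip = 'parent of a snapshot or differencing disk' }
        if ($vhd.Attached)                { $skip = 'attached (running VM or boot VHD)' }
        if ($vhd.VhdType -ne 'Dynamic')   { $skip = 'not a dynamic disk' }
        if ($skip) { Write-Warning "Skipped $($vhd.Path): $skip"; return }

        $before = $vhd.FileSize
        # Optimize-VHD documents Full mode for disks mounted read-only
        Mount-VHD -Path $vhd.Path -ReadOnly
        try     { Optimize-VHD -Path $vhd.Path -Mode Full }
        finally { Dismount-VHD -Path $vhd.Path }   # always detach again
        $after = (Get-VHD -Path $vhd.Path).FileSize
        '{0}: {1:N1} GB -> {2:N1} GB' -f $_.Name, ($before / 1GB), ($after / 1GB)
    }
```

Skipped files are reported as warnings, so a run over a mixed folder shows which disks were left alone and why.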


2) If running multiple VM’s on Hyper-V use differencing disks

You want to run several VMs with the Hyper-V role? You always copy your Master VHD(x) for each VM? So one 80GB Master Disk is required for 5 VMs and you now have 480GB used on the HDD? This can be done with much lower storage demand by using differencing disks. To explain this in a little more detail: a differencing disk (aka fast clone/linked clone for other hypervisors) is some sort of snapshot, so it will take the data from the Master Disk and will store modified or added content in the differencing disk. This means that if you use Windows in this way, all Windows files will come from the Master Disk; if you now install Office in a VM that is using a differencing disk, Office will be installed in the differencing disk, but the Windows OS files still come from the Master Disk. For my sample it means: if I create an 80GB Master Disk and, based on this Master Disk, create 5 VMs each based on a differencing disk, the differencing disk size per VM is only 4MByte at the beginning. So I don’t use 480GB as shown in the sample; I use only 80GB + 5x4MB for the VMs. You can reduce this even more if the VHD(x) Master Disk is a dynamically expanding disk (see also 1.).

Command (Hyper-V console, no commands available to complete the full task):
– Prepare a Master Disk by installing and configuring a VM (don’t forget to run a sysprep in the VM if a Windows OS is installed)
– Delete the VM but not the VHD(x) file used by the VM to prevent changes to the Master Disk in the future.
– In the Hyper-V console (right side) click on “New”->”Harddisk” and follow the assistant; important for the VHD(x) selection: the differencing disk must be the same type as the Master Disk.
– Select “Differencing” in the Harddisk Type selection and click on next.
– Select the path where the differencing disk should be created, type in the differencing disk name and click on next.
– Select the Master Disk, click on next and confirm the task to create the disk.
– Now create a new VM and assign the freshly created differencing disk to the VM.
– Create more differencing disks/VMs if required.

Supported by Microsoft: Yes
Require Administrator Permission: Yes
Produced space on HDD: “Size of Master Disk” x “amount of VM’s”; applying Windows Updates to the VMs will decrease the saving over time.
Can be used with WIM boot installation: Yes
Disadvantage: Not recommended for production use by Microsoft! Do not change or delete the Master Disk, or all related differencing disks will fail! I use this only for VMs that don’t require Windows Update (like test environments); the more Windows Updates are installed in the VMs based on a differencing disk, the more space the differencing disks require and the lower the saving. Never ever use this for Domain Controllers incl. CAs / Exchange / SQL / Lync / Dynamics / Windows Storage / Sharepoint Servers; this is my personal opinion. It’s great for setting up fast test systems / web / print or terminal servers and for performing development/security audits to check/verify software, incl. load tests. Each differencing disk will highly increase the IOPS for the Master Disk; the Master Disk should always be placed on very fast storage (SSDs or similar).
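
The disk-creation and VM-assignment steps of the procedure above can also be scripted with the Hyper-V PowerShell module (New-VHD with -Differencing, then New-VM). This is an added example, not part of the original post; the master path, VM root, VM names and memory size are hypothetical, and the Master Disk is assumed to be already prepared and sysprepped.

```powershell
#Requires -Modules Hyper-V
#Requires -RunAsAdministrator
# Added example, not from the original post. All names and paths are hypothetical.
$master = 'D:\VHDs\Master.vhdx'          # prepared, sysprepped Master Disk
$vmRoot = 'D:\VMs'
$names  = 'TEST01', 'TEST02', 'TEST03'

# The Master Disk must no longer belong to any VM (step 2 of the procedure)
if (Get-VM | Get-VMHardDiskDrive | Where-Object { $_.Path -eq $master }) {
    throw "Master Disk is still attached to a VM: $master"
}

# Protect it against accidental writes; one change breaks every child disk
Set-ItemProperty -Path $master -Name IsReadOnly -Value $true

$ext      = [IO.Path]::GetExtension($master)   # child must be the same type as the master
$children = @()
foreach ($name in $names) {
    $dir   = Join-Path $vmRoot $name
    $child = Join-Path $dir ($name + $ext)
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    New-VHD -Path $child -ParentPath $master -Differencing | Out-Null
    New-VM  -Name $name -Path $vmRoot -MemoryStartupBytes 2GB -VHDPath $child | Out-Null
    $children += $child
}

# Check the result: every child should list the master as ParentPath
$children | ForEach-Object { Get-VHD -Path $_ } |
    Select-Object Path, VhdType, ParentPath,
        @{ Name = 'FileSizeMB'; Expression = { [math]::Round($_.FileSize / 1MB) } }
```

New-VM creates generation 1 VMs by default; the generation has to match the way the Master Disk was installed.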


3) Remove not used or required Windows components

We already took a closer look at the winsxs folder in Part 1 of this series and removed superseded files/updates, but why not remove files that are not required? If you prepare a couple of Terminal Servers, why should you keep files related to IIS or the Active Directory Domain Controller role in the Master Image? You’re right… There is no reason to do this, but still most administrators are doing it.

Removing the components also reduces the Windows Update footprint, because the removed components will not be updated anymore.

Commands (commandline):
This command will show all available Windows components and their current state; it will create a features.txt file in the folder where the command line is executed. Why? It’s easier to read a txt file with all these components than plain command-line output:
DISM /online /get-features /format:table > features.txt

This command will remove a component that is not in use from the hard disk (open the features.txt file created with the first command to get the current state); in the sample I will remove DirectPlay from a Windows 8.x:
DISM /online /disable-feature /featurename:DirectPlay /remove

Commands (powershell):
If you want to remove all components that are not actively used, you can also do this with a simple PowerShell command; this is the hardcore way:
Get-WindowsFeature | where-object{$_.Installed -eq 0 -and $_.InstallState -eq 'Available'} | uninstall-windowsfeature -remove

Supported by Microsoft: Yes
Require Administrator Permission: Yes
Produced space on HDD: Depends on amount of removed features
Can be used with WIM boot installation: Yes, but mostly useless. Installing a component again will increase the used space on drive c:
Disadvantage: Removed roles and features cannot be installed without an external winsxs folder source once the files are removed/the above commands are executed. Execute the PowerShell command to remove all unused components only when you are really sure that you have finished the component setup for this system.

4) The simple way… Use the Microsoft Disk Cleanup Tool

In Part 1 I forgot to mention the “basic” tool, the default disk cleanup tool that comes with Windows.

Commands (commandline):

Supported by Microsoft: Yes
Require Administrator Permission: Yes
Produced space on HDD: Depends on current data hold in Windows
Can be used with WIM boot installation: Yes
Disadvantage: Removed log files/data are not available anymore and may need to be recreated, or cannot be used for future troubleshooting, for example.

This is the end of Part 2; maybe there will be a Part 3 (dealing with low-end tablets/low-storage mobile cloud clients), but this depends on the available time and future ideas on how to slim down Windows.



P.S.: No warranty at all; if you have no idea what I am talking about, don’t use any of these solutions. Don’t blame me if you crash your system… Dealing with Windows and its components can always be tricky.