RedStone 3 Changes in Windows 10

In the previous articles, we heard and learned a lot about Windows 10 and its new features in Redstone 3, a.k.a. the Fall Creators Update. But besides the already mentioned new security, deployment, and UI changes, there are dozens of other new features and changes included. Let's pick some of them and look at them more closely. In this article, you will learn about:

OneDrive – file on demand
Task Manager's GPU usage graph
No SMB1
Ubuntu, openSUSE, and Fedora available as a Linux subsystem
The new features of Microsoft Edge
New Google Chrome to Microsoft Edge migration feature
Hyper-V improvements
Changing network profiles from the GUI
Improved Storage Sense feature
Microsoft Fluent Design
The My people app
Eye tracking
Controlled folder access

OneDrive – file on demand

One of the most missed features of the old OneDrive was file on demand, where a stub of a file in the cloud was present in your folder view, but didn't take up the space of the original. When you opened it, it downloaded on demand. Microsoft removed this feature some time ago for unknown reasons to many user complaints and frustration.
I am happy to say it has made a return! Now we can see our whole OneDrive contents without having the entire library on disk.

Task Manager shows GPU usage graph

An interesting development in Task Manager is the additions of GPU performance information. Now data scientists and gaming enthusiasts can understand the usage of their graphics devices in real time and in performance logging. This should help those purchasing hardware resources for gaming and help data scientists also make more intelligent decisions on those purchases.

Observe that Windows also indicates an amount of shared GPU memory with the OS, in addition to giving dedicated memory information, driver version and date, and overall utilization. The graphs for computer, copy, video, and so on are all interchangeable when you have multiple GPUs as well.

No SMB1

In the wake of several high-profile malware events, it comes almost as no surprise that SMB1 is not enabled by default. The security vulnerabilities, in addition to the serious performance problems with the now-ancient file transfer protocol, are enough to push this over the edge. Undoubtedly, some enterprises will be running ancient file services (filer appliances that were never updated, old OS installs that can't be upgraded, and so on--the skeletons in the enterprise closet so to speak). And for those, enable away I suppose. Or maybe join the 2000s finally and leave them off.
For those who are not convinced, from Microsoft's own Ned Pyle, who owned SMB for some time as a PM:
When using SMB1, you lose key protections offered by later SMB protocol versions, such as:

Pre-authentication integrity (SMB 3.1.1+ https://blogs.msdn.microsoft.com/openspecification/2015/08/11/smb-3-1-1-pre-authentication-integrity-in-windows-10/): Protects against security downgrade attacks.
Secure Dialect Negotiation (SMB 3.0, 3.02 https://blogs.msdn.microsoft.com/openspecification/2012/06/28/smb3-secure-dialect-negotiation/): Protects against security downgrade attacks.
Encryption (SMB 3.0+ https://blogs.msdn.microsoft.com/openspecification/2015/09/09/smb-3-1-1-encryption-in-windows-10/): Prevents inspection of data on the wire and MiTM attacks. In SMB 3.1.1, encryption performance is even better than signing!
Insecure guest and blocking (SMB 3.0+ on Windows 10+ https://msdnshared.blob.core.windows.net/media/2016/09/2016-09-14_17-15-54.png): Protects against MiTM attacks.
Better message signing (SMB 2.02+ https://blogs.technet.microsoft.com/josebda/2010/12/01/the-basics-of-smb-signing-covering-both-smb1-and-smb2/): HMAC SHA-256 replaces MD5 as the hashing algorithm in SMB 2.02; SMB 2.1 and AES-CMAC replaces that in SMB 3.0+. Signing performance increases in SMB2 and 3.

Ubuntu, openSUSE and SUSE LSE available as Linux subsystem

Ubuntu, openSUSE, and SLES all make debuts as Linux subsystem plugins. It's a nice feature that these are enabled via the Windows Store, making updates, installation, and removal a breeze.

One still must enable the Linux subsystem in the Windows features tool, but once that is done, installation from the store just takes a free purchase and agreeing to a license.

New features of Microsoft Edge

As already described in the security chapter, Microsoft Edge got a whole bunch of new security implemented. But also the UI was refreshed and got a new modern appearance in the browser frame inspired by the newly introduced Fluent Design System. Button animations were improved to feel more responsive and delightful. And some helpful shortcuts were added to the menus. Opening and closing tabs in Microsoft Edge now feels much smoother, without lag.
Now when right-clicking on an tab, you have a new entry called Add tabs to favorites. With this menu item you can bookmark all currently opened web pages at once. It will create a new folder inside Favorites and bookmark all tabs from the current window:

Favorites URLs are now directly editable by right-clicking on a favorite link. To get your Microsoft Edge to full-screen mode, you can press F11 key or the mostly unknown combination of Shift + Windows + Enter. In 1709, a new option in the UI next to the Zoom options was added to bring your Edge to full screen with a mouse click.

One ability from Internet Explorer was fairly missed: the possibility to pin websites directly to your task-bar. With Windows 10 1709, this option is now available via Settings: Pin this page to the task bar.
The EPUB eBook reader integrated into Microsoft Edge has been upgraded. It allows you to annotate EPUB eBooks. You can add comments, underline, and highlight. You can draw in your eBook and you can select and copy text. Reading progress and personal annotations are synchronized between your devices if Microsoft account sync is enabled. If Cortana is enabled, you can ask Cortana for more information about the selected text.
The PDF viewer available in Microsoft Edge has also been enhanced. A table of contents can be displayed, helpful especially for long PDF documents. Also, features from other PDF readers such as filling in PDF forms, saving forms, and printing them are now available. You are now able to write with a stylus inside a PDF. And for a better readability and viewing experience, you can rotate and adjust the layout of PDFs. Again, if Cortana is enabled, you can now use the Ask Cortana feature inside PDFs like in the EPUB eBook reader.

New Google Chrome to Microsoft Edge migration feature

In previous versions of Microsoft Edge, the import favorites feature was mainly limited to importing from Internet Explorer. The feature was improved and now supports importing bookmarks, browsing history, cookies, passwords, and compatible settings from Google Chrome. To access this feature, click on the Favorites symbol and in the appearing dialog on Yes, let's go. If you closed this dialog before, you can find the option under Settings | Import from another browser:

Next, Microsoft Edge will present you with a list of all supported and detected or installed browsers. You can select Chrome but, at the time of writing this chapter, there is no option to select single parts such as only bookmarks and passwords to import. You have to import all settings:

After successful import, you will see All done! and View imported favorites below your Import button:

Hyper-V improvements

The Hyper-V configuration version was increased to 8.2, and with that increase there are some new features within Hyper-V in the Fall Creators Update.

Virtual battery support for Hyper-V: When using Hyper-V on laptops, your guest OS was always agnostic about the state of your battery. Hyper-V can now expose a virtual battery to virtual machines. When enabled, you can see your host computer’s battery power state inside your guest virtual machines.
New Hyper-V easy export: Exporting a virtual machine Hyper-V no longer uses an XML file for configuration information since 1703 but the new binary VMCX file. The improved VMCX file now includes information about network configuration also, and you can easily import VMs now with the use of the VMCX, including the necessary virtual switch configuration. This VMCX feature is also used for the new sharing feature, which additionally compresses your files:

New Hyper-V sharing feature: The virtual machine connection window toolbar has a new icon on the right side called Share.

Moving virtual machines to another PC is made easier with this new VM-sharing feature. To speed up the process and reduce the size during transport, your VM will be compressed. It will compress the virtual machine files and all its configuration into a single .vmcz file. On your destination PC running Windows 10, you can double-click on this file to start easy-importing the virtual machine. As described in the easy export section, this file will also include network information.

Revert VM enabled by default in Hyper-V: Hyper-V already had for some time a feature called Revert VM a.k.a. Checkpoints, but it was disabled by default. Hyper-V now automatically enables the Checkpoint feature with the Standard checkpoints option for every new VM and creates snapshots of your VM. The green Revert icon will be now available by default and no longer grayed out due to unconfigured checkpoints. A snapshot is taken on every start of your machine or when you manually create a checkpoint within a right-click context menu in Hyper-V Manger. Now you can easily revert your VM’s state. If you do not want this revert feature enabled, go to Settings | Checkpoints and uncheck enable checkpoints.

Change of network profiles in GUI

Only a minor, but very comfortable, change in the UI is the new option to change network profiles inside your network settings. Users and Administrators can access it under Windows Settings | Network status change connection properties:

This is a much easier way to change between Public and Private network profiles. Furthermore, the Wi-Fi connection panel has some new right-click quick-action menus such as Connect, Disconnect, View Properties, and Forget Network.

Improved storage sense feature

The Storage sense was introduced for the first time with Windows 10 1703 and now gets some new options. You can now enable storage sense to run automatically when running low on disk space (by default enabled). The section on which files to clean up now has a new (by default unselected) option to delete files in your Downloads folder not changed in 30 days:

The Free up space now section has a new option to clean up previous versions of Windows. It is an additional ways of deleting your Windows.old folder. It is still automatically deleted after 10 days, or you can delete it with the Disk Cleanup (cleanmgr) tool.

Microsoft Fluent Design

The Microsoft Fluent Design system brings new APIs and animation engine, running in a separate process from the Universal Windows Platform (UWP) app. This will enable developers to create interfaces that achieve quick and fluid motion at a consistent 60 frames per second. The same capability will be available on lower-spec IoT devices as well as topof-the-range gaming machines.
This will enable new sensory experiences for user interfaces, providing new capabilities for input controls and methods, such as 3D touch, gaze, and virtual reality, to interact with custom animations in a dynamic and responsive way, without requiring huge compute power.

My people app

My people is a new feature that is intended to allow users to gain a deeper interaction with a few of their key contacts in new ways. For example, messages being received via SMS and appearing on the desktop, enabling interaction with emails, and allowing responses via another app such as Skype are all brought together in a single view. The solution provides a quick method of sharing content with the contact through simple drag and drop or through new context menus. It works by combining some of the key features from other apps, such as Contacts, Mail, Skype, and OneDrive, to achieve the following:

View multiple communication apps together that are filtered to each person on your taskbar.
Select the app you want to use to chat and Windows will remember for next time.
People-first sharing: You can either drag and drop files onto the contacts in the taskbar to share via email or share directly with a contact via the share picker.
Pin your people to the taskbar: Windows will suggest some to start with, or you can pick your own:
See emoji from your pinned contacts: When receiving emoji from your pinned contacts, you can watch them appear and animate right from the taskbar
Notification badges: Pinned contacts display a counter if there are unseen messages

These features will grow in time to make communicating with your favorite people simple and faster.

Eye tracking

The ability to track the eye movement of the Windows user provides potential benefits for new user interfaces that can empower people with disabilities and create new experiences for gaming and other application interactions.
Eye Control can be used to carry out the same tasks that were previously accomplished with a keyboard and mouse. To enable this functionality, the PC will requires a compatible eye tracker, which may be built into the existing camera or available as an additional piece of hardware:

Eye control launchpad: When you turn on Eye control, the launchpad will appear on the screen. This allows you to access the mouse, keyboard, and text-to-speech and to reposition the UI to the opposite side of the screen.

Eye control interaction model: To interact with the UI for Eye control, simply look at the UI with your eyes until the button activates.
Eye control mouse: To control the mouse, select the mouse from the launchpad, tracing your eyes on the screen where you want the cursor to be placed, fine tune the position, and select what action you want to take (left click, double click, right click, or cancel).
Eye control keyboard: To use the keyboard, select the keyboard from the launchpad, and pause at the characters you want to type.
Eye control shape-writing: Type faster with your eyes by shapewriting on the Eye control keyboard. You can form words in the same way you would with a finger on a touch screen; by pausing on the first and last character of the word, and simply glancing at letters in between. A hint of the word predicted will appear on the last key of the word. If the prediction was incorrect, you can simply select an alternative prediction provided.
Eye control text-to-speech: To use text-to-speech, select text-tospeech from the launchpad. From here, you can use the keyboard to type sentences and have them spoken aloud. At the top are phrases that are spoken aloud immediately and can be edited to say different words. This uses the default text-to-speech voices, which can be changed in Settings | Time & Language | Speech | Text-to-speech.
Eye control settings: Access settings from the Fn keyboard page to adjust the dwell times, turn on/off shape-writing, and turn on/off the gaze cursor used to test hardware calibration.

This solution is going to provide some great opportunities for changing the way we interact with computers; give it a try and see which scenarios work best for your users.

Controlled folder access

The new Controlled folder feature is designed to protect against malware and ransomware that may attempt to encrypt all accessible files. This feature is designed to only allow specific apps to access and gain read/write permissions to specified folders. When enabled, the feature monitors a default list of folders, such as the Desktop, Pictures, Videos, and Documents folders, and others can be specified as required. If an app attempts to make a change to the files in these folders and the app is blacklisted by the feature, you get a notification about the attempt.
To enable Controlled folder access in Windows 10, you need to perform the following steps:
1. Open the Windows Defender Security Center.
2. Click on the Virus & threat protection icon.
3. On the next page, click on the Virus & threat protection settings link.
4. Enable the option Controlled folder access.

5. Now, click on the Protected folders link below the Controlled folder access category.
6. On the next page, click on the + add a protected folder button. Browse for the folder you want to protect with Controlled folder access.
You can also define which apps are allowed to access the protected folders. To define apps, click on the Allow an app through Controlled folder access link below the Controlled folder access category, and add the app.
Eventually, all these settings will be configurable via PowerShell and group policy to ensure consistency across all Windows 10 computers on your network.

Summary

Besides these new features, there are a lot more minor and major improvements and new features in Redstone 3 a.k.a. Fall Creators Update to explore, but to describe them all would increase the size of the chapter a lot. To get an impression of what else has changed, here is a comprehensive list of additional things: