Enable Bitlocker on Windows Home without a Microsoft Account

Microsoft offers 2 mainstream versions of Windows - Home and Professional.  This goes all the way back to Windows XP, and continues up to Windows 11.  For the most part the differences between the two are minor.  Most people are going to be fine with Windows Home (which costs less than Pro).

There is; however, one feature difference between the two which is critical for everyone to understand - full drive encryption.  This is a feature that encrypts your drive, thereby protesting your data even if someone steals your device.  The Pro version of Windows has "Bitlocker" which encrypts the drive.  Home has a feature called "device encryption" which is basically Bitlocker but with 1 key difference.  Bitlocker (Pro) can be enabled for both local and Microsoft Accounts, but device encryption (Home) requires a Microsoft Account.  This is so annoying, on the one hand I want encrypted drives, and on the other hand I don't want to be forced into an online account.  And I don't always have the luxury of Windows Pro (it mostly depends on what the machine shipped with, which in turn is reflected in the original cost of the machine).  Wouldn't it be great if you could have Windows Home, enable drive encryption, and still use a local account?  Well it turns out you can!!!  This guide will show you how.

The short answer is - you need to log into a Microsoft Account, but only temporarily.  Let's walk though this step by step.  If you're reading this guide then I'm going to assume you are running Windows Home.  I'm also going to assume that you have a local account (you've used one of the many methods to bypass the requirement for a Microsoft Account).  To start, open a command prompt with admin privileges (right-click and select "Run as administrator").  Enter the command "manage-bde -status"  This command will print the current status drive encryption.  In the output look for the following:

Conversion Status:    Used Space Only Encrypted
Protection Status:    Protection Off

The conversion status "used space only encrypted" means the files on the drive are encrypted (the empty space on the drive is not encrypted).  But the "protection status" is off.  How can this be?  What this means is the drive is encrypted, but the decryption keys are stored in plaintext on the local drive.  So a casual attacker could not view your files, but a skilled attacker would know how to recover the key and decrypt your files.  With Windows Pro, Microsoft offers a way to save the key to a file which removes it from the drive and ensures total security.  But with Windows Home, the only place to save the key is in the Cloud.

To solve this problem, create a new account on your computer.  Use an email address so that it is a cloud account.  And make the account into an administrator account.  Then simply log into that account once.  At this point the encryption keys are moved from the local drive to the cloud.  Go ahead and log out of the Microsoft Account and log back into your local account.

If you re-run the manage-bde command from earlier you should see: 

Conversion Status:    Used Space Only Encrypted
Protection Status:    Protection On

As you can see, your drive is now encrypted and the recovery key is no longer stored locally.  Next, open a web browser and log into your cloud account at https://account.microsoft.com/account  Under "devices" click on your computer, then view more details about the device, and lastly under Bitlocker is a link to manage recovery keys.  From here you need to copy your key info and save it in a text file.  Don't be dumb, save the file to a drive other than the encrypted drive.  Maybe an external USB drive, a NAS, a thumb drive, or a printed copy.

At this point you just need to clean everything up.  Go back into Settings on your PC and you can delete the Microsoft Account you created.  You can delete your recovery keys from the online Microsoft Account.  You could even delete your entire Microsoft Account if you so wish.  You now have Windows Home with only a local account and device encryption is fully enabled!

Free C++ tools

I love programming in C++.  I have done some professionally for over 20 years now.  Even though C++ no longer has as much market share as it once did, now is the best time to learn C++ thanks to the availability of free and useful C++ tools.  There are so many free and useful utilities that learning and effectively coding in C++ is easier than ever.  Below is a list of my favorite free C++ utilities.

Visual Studio

Visual Studio has long been one of the best development IDEs, but what's amazing is how many improvements Microsoft is making.  They are not content to rest on their laurels.  VS2017/2019 are truly awesome platforms for development.  And with the introduction of the Community edition, the bulk of the features are available for free to everyone.  Microsoft has offered a free version of Visual Studio going to the Express edition of the early 2000s, but that version was so crippled it was of little use.  Community is so full-featured that only the most demanding of users would need to upgrade.  Microsoft is even expanding VS beyond Windows and branching into Linux and MacOS.

CppCheck

CppCheck is a free static code analyzer, meaning it inspects your code files looking for common mistakes.  CppCheck is surprisingly good at what it does.  If you run it against your code for the first time, you might be surprised at the problems and suggested improvements it finds.

Clang with the Clang Power Tools extension

Although I firmly believe that Microsoft's compiler is the best option for Windows, the Clang team is making significant improvements to their compiler.  That said, Clang does have at least one cool feature - ClangTidy.  Tidy is similar to CppCheck in that it analyzes your code looking for issues.  Unfortunately, Clang has no UI so it is not easy to use.  That's where the Clang Power Tools extension comes it.  It wraps the features of Clang in an ease to use UI integrated into Visual Studio.

VerySleepy
VerySleepy is a code profiler meaning you can analyze your code looking for performance bottlenecks.  I should point out that VS2017/2019 Community comes with a built-in profiler that is easy to use.  I would recommend Microsoft's profiler included with Visual Studio.  But if for any reason you can't use the Microsoft profiler, check out VerySleepy.

OpenCppCoverage and OpenCppCoverage extension

I'll end this list with the latest tool I've discovered.  OpenCppCoverage is a code coverage tool, meaning when you run it the tool checks which lines of code actually executed and which did not.  This is useful when testing your code, it helps you to find code that has gone untested, which means the potential for bugs is higher.  Visual Studio does have built-in code coverage, but only for higher paying customers.  The free Community edition does not offer this feature.  Fortunately this program and corresponding Visual Studio extension do a great job.

C++ virtual destructors, a modern take

Several years ago I created a post where I looked at virtual destructors in C++.  In that post I argued that all C++ classes should have virtual destructors, unless you specifically knew what you were doing and understood the risks.  I originally wrote that before I learned the many benefits of "modem" C++ (aka C++11 and newer).  Modern C++ introduces a few new changes that really improve the language, including changes to virtual methods and class inheritance.  So I would like to revise my suggestions for class designs in C++.

First, and most importantly, it is still a bug to derive from a class that does not have a virtual destructor.  As a developer it is your job to ensure you do not derive from a class with a non-virtual destructor.  At the same time, you should not write a class without a virtual destructor that allows someone else to derive from you.  But the great news is, modern C++ has a solution to both of these problems.


Deriving from a base class without a virtual destructor:
C++ has a new keyword called "override" that tells the compiler to generate an error if the virtual function you have created does not match a virtual function in a higher class.  For example:

class CDerived : public CBase
{
public:
    CDerived();
    virtual ~CDerived() override;
};

In this example "CBase" is the base class.  If CBase has a virtual destructor then this code will compile.  But if CBase does not have a virtual destructor this code will not compile!

The keyword "override" is one of the best new features of modern C++.  Any virtual function should be marked with "override" except the virtual functions in the base class which by definition cannot derive from something else since they are in the base class.


Creating a class 
If you create a class without a virtual destructor, that's fine but someone else might derive from your class without your knowledge or permission.  This would be a bug.  If only there was a way to prevent this from happening.  Good news, in modern C++ there is a way.  Use the keyword "final" to indicate that no class may derive from you.  For example:

class CWidget final
{
public:
    CDerived();
    ~CDerived();
};

In this example I can get away without a virtual destructor because no one could ever derive from my class thanks to the "final" keyword.



Given these new keywords, I would modify my original guidelines as follows.

1.  If you derive from another class, always use "override."
2.  If you create a new class, always use a virtual destructor unless both A) your class does not derive from another class and B) your class is marked with "final."  In this situation, none of your class methods should be marked as virtual.



A few interesting side notes.  First, "override" now supersedes "virtual."  You can use both keywords as I did above, or you can just use "override" which implies "virtual."

A second, more important note, is regarding defaulted destructors.  C++ allows you to omit the destructor, or you can explicitly declare a destructor but use the "default" keyword to omit the destructors definition.  In both cases, the compiler will by default generate a non-virtual destructor.  If you want/need a virtual destructor, write the code yourself (using override) or declare as follows:

virtual ~CWidget() = default;

Related to this last point, the following code is a bug:

class CBase
{
public:
    CBase();
    virtual ~CBase();
};


class CDerived : public CBase
{
public:
    CDerived();
};

Yes the base class has a virtual destructor, and you omitted the destructor so the compiler will generate one for you.  But the generated destructor will not be virtual thus leading to bugs.  To fix this add:

    virtual ~CDerived() override = default;

Synology wireless router update

About 1 year ago I posted a review of the Synology RT1900AC wireless router.  To sum up, it's a good router but I have had multiple issues with it over the years.

Most of the issues were Synology working out the kinks in the router.  Anyone today who buys the RT1900AC or its bigger brother the RT2600AC would no longer experience these issues.

However, the biggest and most annoying problem I experienced was the router not connecting to the Internet.  If the connection was broken for whatever reason (like a power outage), only about 50% of the time would it reconnect.  If it failed to reconnect, the problem could only be fixed by rebooting the router, often multiple times.

Well I have good news.  I think Synology has finally fixed this issue in one of their regular router updates.  Shortly after my initial review the problem went away.  It has been almost a year now and my router has not had an issue reconnecting to the Internet.  I know 2 other people with Synology routers and they have not experienced connection issues either.  This is great news.  I can now wholeheartedly recommend either of the Synology routers to anyone looking for a better wireless router.


In other good news.  Anyone who follows technology may remember back in October of 2017 they announced KRACK, a vulnerability that affected all hardware and software that used the WPA2 protocol; including Windows, MacOS, Linux, Android, wireless routers, etc.  Synology pushed a fix for KRACK one day after the announcement.  The only company I am aware that released a fix earlier was Microsoft which had secretly pushed a fix a few weeks earlier.  But Synology got the fix out to their customers faster than most major companies include Google and Apple.  Way to go Synology.  Oh, and many Linksys and Netgear routers were never patched, so they are still vulnerable.

Upgrade to Windows 10 for free!

Good news for anyone wishing to upgrade to Windows 10 for free.  When Windows 10 was first released Microsoft offered a free upgrade for all existing Windows owners.  This upgrade was convenient in that it was offered through Windows Update, so upgrade was relatively quick and painless.  Just walk away from your computer for an hour or so and come back to find Windows 10 installed with all your data and programs still on there.

However, this free upgrade offer was a limited time only, and that offer is no longer an option.  But I have good news, anyone with a valid activated copy of Windows can still upgrade Windows 10 for free.  The key is you cannot do an in-place upgrade but instead you must perform a fresh install.  This is actually my preferred way to upgrade to a new operating system.  Here's how you do it:

1.  You need your existing Windows license key.  This license key might be printed on a sticker attached to your computer.  If not, the easiest way to get your product key is to download and run the utility ProduKey.

2.  You need to obtain the Windows 10 installation files (ISO image).  If you Google for it you can find the download and media creation links direct from Microsoft.  Be aware, you cannot upgrade to any version of Windows 10, but you need to keep it in the same edition.  So if you currently have Windows 7 Home Premium you can install Windows 10 Home.  If you have Windows 7 Professional you can install Windows 10 Professional.

3.  Make a complete backup of your current system.  Again, this is a fresh install that will erase all your data, so don't forget to back up first!

4.  Install Windows 10 onto your computer, be sure to erase the existing copy of Windows and install a fresh copy.  If you are prompted for a license key, enter your existing Windows license key.  Many newer computers the license key is saved on the motherboard itself - if so, Windows will automatically detect this license key and use it without prompting you.

5.  After installation, verify Windows 10 is activated with a "digital license."

6.  Reinstall the programs you use and restore your data from the backup.

7.  After installation, follow these suggestions to configure Windows 10 so that it's usable.


I have used this technique twice to upgrade older Windows 7 systems to Windows 10.  I have not tried Windows 8.x, but I assume it works there as well.  However, older Windows XP and Vista license keys may not work since they are technically out of service.  Also, I cannot guarantee this technique will always work.  Microsoft could stop this at anytime, so proceed with caution.

Update: I can confirm this technique still works as of June 2018.  I have also learned that it does work with "Retail" license keys but not "MSDN" license keys.  A "retail" license key is one that came with a new PC or a legit copy of Windows purchased separately.  "MSDN" license keys are keys used by developers and IT professionals.  So as long as Windows came preinstalled on your computer this technique should allow you to upgrade to Windows 10.

Synology RT1900AC wireless router review

My review of the Synology RT1900AC wireless router would best be summed up as "the wireless router I so want to recommend, but just can't because of issues."

So first a little background.  Like most people I've had several different wireless routers over the past decade.  My previous two routers (Linksys and Netgear) I replaced them not because they were broken or too slow, but because a security flaw was discovered in the router that would allow someone on the Internet to compromise my network, and the manufacturer refused to release a firmware fixing the problem.  Most router manufacturers only support their hardware for a year or two, after that they want you to buy new hardware - what a waste and what a shame.

Now Synology is a company I've used for years, they are most well known for their excellent NAS (Network Attached Storage devices).  I have had a Synology NAS for many years and what I love about them is their support.  They release regular updates for their hardware, and they support their older hardware far longer than most companies would.

So in 2015 when Synology announced they were going to release a wireless router I was very excited!  Finally a company that would support their wireless router long term.  When the Synology RT1900AC was finally released in North America in early 2016 I was a very early adopter, purchasing my unit within 1 week of release.

Unfortunately I've had a number of issues since then and had to contact their tech support on multiple different occasions.  Here's a summary of the issues I've had:

1. I have a Raspberry Pi connected using wireless, but from time to time the connection would drop out.  The Raspberry Pi was connected using a very common "nano" wireless adapter.  After many emails with tech support on this I found a solution.  If I replaced the wireless adapter with a different one with a larger antenna, the connection issues went away.  What's frustrating about this problem, the Raspberry Pi was only about 2 feet from the RT1900AC, it should have had a strong signal.  Also, the same nano wireless adapter with my previous Netgear wireless router had no issues.  So something about the combination of this nano adapter and the RT1900AC did not work well.
2. When connecting to my home network remotely using VPN, I could originally access machines in my network but not the RT1900AC's management interface itself.  Tech support helped me get correct firewall rules in place to allow access to the RT1900AC.
3. When changing the firewall rules to allow access to the RT1900AC, it removed access to other machines in my network.  Neither tech support nor I was unable to find the problem, and I just gave up on VPN for about a year.  I did eventually get it working, continue reading for those details.
4. A few months ago Synology phased our support for their old VPN server package and replaced it with a new package called "VPN Server Plus."  Since the old VPN wasn't working for me, I ditched that and installed the new one.  When I went to enable OpenVPN it gave me this weird error about installing a certificate.  Tech support had never seen that error before and had no idea what to do.  I tried a factory reset and that fixed the OpenVPN certificate error.  Now using the new VPN server I'm finally able to access both local machines in my network and the RT1900AC itself.
5. Far and away the biggest issue I've had is not reconnecting to the Internet.  This happened to me the very first day I got the router and continues to happen to this day.  In short, if I reboot my router, there's a power outage, or my ISP drops my connection for some reason when the RT1900AC comes back up only 50% of the time will it reconnect to the Internet.  The rest of the time it won't connect, no matter how long I wait.  The router can be up for days in this unconnected state, it will never reconnect.  The only solution I've found is to reboot the router repeatedly under it does reconnent.  Sometimes I have to reboot the cable modem as well.  I've had it happen before where Internet drops and I literally reboot my router over and over for 2 hours before it finally reconnects.  Now I know this issue is Synology's, I have worked on enough networks to be able to diagnose this.  Working with tech support I rebooted my router a dozen times, and I think it reconnected 5 times and failed to connect 7 times (they analyzed logs from these attempts).  I then connected my Windows 7 computer directly to the cable modem and rebooted a dozen times.  Windows connected to the Internet all 12 times.  I've tried a factory reset, no change.  I've updated to every firmware as they release them, no change.  I purchased a new cable modem, no change.  Now I have a family member in other city with a RT1900AC and they have the exact same problem.  Synology even mailed me a replacement unit at their cost for me to try.  That unit experienced the same problem.  They have tried to diagnose this problem but cannot figure it out.  In the mean time I know of at least 2 people with this same behavior.  It's very frustrating, no one wants a wireless router that won't connect to the Internet.  What good is that?

Even though I've had issues with this router,  it's still a good router.  In fact, I would go as far to say it's better than most wireless routers.  But it's far from perfect and it definitely has not lived up to my very high expectations.  Many of the problems I've faced were fixed in software updates over the months.  But that network connection issue, if they could fix that I would wholeheartedly suggest anyone and everyone should buy this router.

I've spent most of this post talking about the problems.  But I did want to mention the good things about this router.

• Regular software updates.  Synology publishes updates about once a month.
• The web management UI is far and away the best web management UI.  Way better and more responsive than anything from Netgear, Linksys, etc.  I'm pretty sure they also have a phone management app, but I have not tried that.
• The router can support multiple Internet connections (e.g. both a DSL modem and a cable modem) and can operate them in either load-balancing or failover modes.
• Built-in support for 20 different DDNS providers, including Synology's own which works great!
• Can connect to the Internet via mobile 3G/4G with additional hardware.
• Very good parental controls/filtering as well as QoS and wifi priority.
• Tons of services like VPN, SSH, FTP, SFTP, SMB, etc.
• USB and SD card slots can function as lightweight NAS for your network.
• VPN server and VPN client with support for common providers such as OpenVPN, SSTP, L2TP, and PPTP.
• Additional packages such as media server to host media files for other devices on your network.

To sum up the RT1900AC router is a good piece of hardware that still has some bugs, and hopefully Synology is able to work out those bugs.  If you're a network power user and don't mind a little extra work, give it serious consideration.  If you're a regular user you might want to steer clear as you could be overwhelmed if you run into issues as I have.

How to make Windows 10 usable

[Updated 12/31/2018]

Recently I upgraded my computer to Windows 10.  Microsoft, for whatever reason, with every release of Windows completely changes things.  For no good reason they move stuff around and change things that weren't broken.  So here is a guide on how to make Windows 10 more like Windows 7, which makes Windows 10 usable.

• When installing Windows 10, if you have the choice select Windows 10 Enterprise.  Enterprise is nice because it does not come pre-loaded with all the Windows Store Apps that Home and Professional do.  So out of the box it's closer to Windows 7.
• Download and install Open-Shell (formerly known as Classic Shell).  Windows 10 does include a "start menu" which was removed in Windows 8, but it's no where near as good as the start menu in Windows 7.  Open-Shell restores that start menu in all its glory.  In fact, Open-Shell is even better than the Windows 7 start menu and works on Windows 7 too!  Spend a few minutes exploring all the settings in Open-Shell, you can customize it exactly how you want it.
• Download and run OldNewExplorer.  This extension fixes Windows File Explorer to the look and feel more like Windows 7.  When you run OldNewExplorer, click "Install" and then select the options you want.  Here are my settings:

• Download and install Explorer++.  Even though OldNewExplorer fixes much of the Windows File Explorer, it's still not as good as the Windows File Explorer in older versions of Windows.  That's where Explorer++ comes in.  This open-source program is a very good file manager.
• Download and install FileLocator Lite.  This program is free for personal use and it's a very good Windows file search program.  The file search in Windows 7/10 is horrible compared to Windows XP.  FileLocator Lite restores that Windows XP style search.
• Download and install Process Hacker.  Although Task Manager in Windows 10 isn't that bad, they did still change it from Windows 7 and I preferred the simple process view.  Process Hacker is a great open source tool that is very configurable.  It even has an option to replace the built-in Task Manager for keyboard and mouse shortcuts.  If neither the Windows 10 Task Manager nor Process Hacker work for you, give Process Explorer (also from Microsoft) a try.
• Windows 10, more than any previous version of Windows, sends a lot of data back to Microsoft.  Data like which apps you use, how long you use them, what websites you visit.  It even downloads data from Microsoft such as ads to display in Windows.  A program called ShutUp10 allows you to turn all this off if you want.  You can turn some things off and leave other things on.  I always run this on new Windows 10 machines.  I personally don't turn off all settings, some things like Windows Update I leave enabled.  But ShutUp10 does a great job of explaining each setting and even gives their recommendations as to enabled or disabled.
• If you want a "pure" desktop environment, remove as many of the Windows Store applications (formerly called Metro-apps) as you can.  This can easily be done using the following PowerShell script.  This script will remove all packages except A) those packages deemed by Microsoft to be required and thus cannot be uninstalled using any technique and B) the "Windows Store" package.  Strangely the Windows Store package is not marked "required" but if you remove this package you cannot install Windows Apps in the future if you want to.  Best to play it safe and leave this one package installed.  Save the following script as "RemoveApps.ps1" then run PowerShell as an administrator.  Then run the script.  If this is the first time you've run a PowerShell script on your system you might get an error.  If so, run this command "Set-ExecutionPolicy RemoteSigned" to allow the script to run.  Note, after you run this script there may still exist some Windows apps in the start menu, annoying things like "Candy Crush."  That's because these apps aren't actually installed, the Windows start menu puts them there as advertisements.  If you click on them the app is downloaded and installed.  You can right click and uninstall these annoying advertised apps.

# RemoveApps.ps1

$storepkg = (Get-AppxPackage Microsoft.WindowsStore).PackageFullName

$pkgs = (Get-AppxPackage *).PackageFullName
foreach($pkg in $pkgs)
{
    if($pkg -ne $storepkg)
    {
        Remove-AppxPackage $pkg
    }
}

$pkgs = (Get-AppxPackage -AllUsers *).PackageFullName
foreach($pkg in $pkgs)
{
    if($pkg -ne $storepkg)
    {
        Remove-AppxPackage -AllUsers $pkg
    }
}

• Right click on the start menu and remove Task View and Windows Store.
• Right click on the start menu and select Search | Hidden to hide the Cortana search bar.
• Select Settings | Personalization | Colors | and enable Show Color on Title Bar.  This adds color back to the application caption bar instead of the default plain white bar.
• Inactive windows in the background still have a white title bar.  Adding color to this helps it to stand out as a background windows.  Open regedit and browse to HKCU\SOFTWARE\Microsoft\Windows\DWM.  Create or edit the DWORD value AccentColorInactive.  Set it to the hex value for the color you want, e.g. 00c0c0c0 for 192 192 192 (light gray).
• Add my computer and network links to the desktop by selecting Settings | Personalization | Themes | Desktop Icon Settings and enable Computer and Network.
• Disable that annoying lock screen which forces you to "swipe" to login (which is annoying for keyboard and mouse).  Open the registry editor and ensure the following key and value exists:  Key: HKLM\SOFTWARE\Policies\Microsoft\Windows\Personalization  Value: "NoLockScreen"  Type: DWORD, set to 1.  Update:  I have noticed not all versions of Windows 10 will honor this registry key, in particular Windows 10 Home and especially newer updates.  But after much trying I got this to work, even on Windows 10 Home Creators Update.  In addition to this registry key, you need to make a Group Policy change.  The trick is, Windows 10 Home does not include the Group Policy Editor, so you need to install that.  This website has a batch file you can download and run that installs the Group Policy Editor.  Then run gpedit.msc and browse to Computer Configuration | Administrative Templates | Control Panel | Personalization.  Find "do not display the lock screen" and change it to "enabled."  If you try and that and it still doesn't work, here's one final thing to check.  Browse to (or create if missing) the following registry key: HKLM\Microsoft\Windows\CurrentVersion\SystemProtectedUserData\<SID>\AnyoneRead\LockScreen.  There should be a DWORD registry value "HideLogonBackgroundImage" and set to 1.  Note, this last registry key is a system-protected registry key, you'll need to take ownership of the registry key in order to change the value.
• If you try and copy files to/from your Windows 10 machine using the admin shares, you might get access denied even when you enter valid credentials.  To fix this, open the registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System then create a DWORD value "LocalAccountTokenFilterPolicy" and set it to 1.

These steps make Windows 10 very usable.  In fact, with these changes I think Windows 10 is better than Windows 7.  But without these changes Windows 10 is hard to use and navigate.