Scott Hanselman

How to set a Network to a "Private Network" in Windows 8.1

May 15, '15 Comments [16] Posted in Tools | Win8
Sponsored By

A while back Windows introduced this concept of public networks and private networks. Basically it comes down to a question of "do I mostly trust this network?" However, it's never been totally obvious how to change this back and forth. There's lots of posts on the internet explaining how, but most are pretty complex with a lot of steps.

The most common reason to want Windows to treat the current network as a Private Network is so you can have someone connect to your machine, either share files over SMB, or connect via Remote Desktop (RDP). I hit this issue probably once a month where I can't figure out why I can't see this machine over Remote Desktop, and it's because it thinks I'm on a Public Network.

One technique is to go to Network within Windows Explorer and try to get this yellow bar to show up.

Network Discovery and file Sharing are turned off. Network Computers and devices are not visible.

Clicking on it will give you a choice that isn't clear to Non-Technical Family Member.

Do you want to turn on Network discovery and file sharing for all public networks? NO

No is the right answer, always. But this is a bad dialog because it looks like a Sophie's Choice.

You WANT to treat THIS NETWORK - the one you are on - as a Private Network. Select No.

A better, clearer way to change a Network to Private Network

  • Press the Windows Key + W to search Settings.
  • Type "Network Connections" and Press Enter

Windows 8.1 Network Connections

  • Click on your Network
  • Turn "Find PCs and Content" to ON. This Network is now a Private Network.

Find Devices and Content

Don't believe me? Bring it up side by side with the Classic Network Center and watch it switch back and forth in real-time!

Switching a Network Private in Windows 8
Switching a Network Public in Windows 8

I hope this helps you out as much as it did me!

Sponsor: Big thanks to the folks over at Grape City for sponsoring the feed this week. GrapeCity provides amazing development tools to enhance and extend application functionality. Whether it is .NET, HTML5/JavaScript, Reporting or Spreadsheets, they’ve got you covered. Download your free trial of ComponentOne Studio, ActiveReports, Spread and Wijmo.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Setting up a VPN and Remote Desktop back into your home with a Synology (from an iPhone)

April 2, '15 Comments [27] Posted in Hardware | Open Source | Win8
Sponsored By

It's amazing that I can basically be my own IT Department. The kinds of things we can do in our homes as individuals with off-the-shelf hardware would have needed an IT Dept of a dozen just 10 years ago, ya know? Amazing.

I wanted to be able to VPN into my home and remotely access my machines and files. I do very much realize there are a lot of different options to do this, and have been for years. From GoToMyPc to Hamachi, again, there's dozens of ways. I wanted a VPN solution I could use on my iPhone/iPad and Surface. I wanted it to be standards-based and not require any additional software installations.

I have a a Synology 1511+ NAS appliance and I love it. It's not just a file server, it's an everything server, in my house. I use it for Plex, it hosts my files and photos, it manages my surveillance cameras and acts as a camera DVR, it runs a Minecraft Server, it's a Git server, it even runs Docker.

The Synology will act as my VPN server as well.

Here's how I set up four things. The Synology, my Router, my iOS device, and my Windows PC/Surface.

The result is I can now remote into my home and manage things from any device I own.

Setting up a Synology for L2TP VPN

First, in the Synology Package Manager, ensure that you've got the Synology VPN Server package installed and running.

Adding VPN Server on Synology

You should give some though as to which VPN technique you want to use. I decided on L2TP, although there is some concern the NSA has weakened it. Benefits are that it's on all major platform, it's generally considered secure, and it's easy to setup.

Select L2TP (or whatever you want), and Enable it. Notice also that I selected my INTERNAL DNS server. I found this worked best for me when trying to access internal resources. You can also setup a hosts file if you want to just hit a few things inside your house.

L2TP in Synology

Now click on Privilege. Just give the minimum privileges to the user that needs them. NO need to give VPN access to users who won't use it.

VPN Server in Synology

Setup your Router for VPN (L2TP)

My router is a Linksys WRT1900ac that I like very much. It supports port forwarding, and the Synology can often talk directly to a router and request open ports. However, there's something to be said for handling things yourself. It lets you know exactly what's going on, and it can be less of a "black box."

Login to your router and in this case of L2TP, forward UDP ports 1701, 500, and 4500. On my Linksys, it's under Security, Apps and Gaming.

The Device IP is the internal IP address of your Synology. It's best to have your Synology use a Static IP address, or at least have a DHCP reservation so this IP doesn't change and things stop lining up.

Port Forwarding in a Router

Also, ensure that your Router is passing L2TP traffic as well. I changed this under Security.

L2TP Passthrough

At this point, you should be able to at least try to connect to your house via VPN. I did this as a quick test by taking my iPhone off the wireless networking (thereby being on the open internet) and VPN'ing back in.

If you succeed, you should be able to see yourself in the VPN Server | Connection List area on our Synology.

VPN Server

Here's what I did on my iDevice to setup VPN.

Setting up iOS/iPhone/IPad for VPN

From the iOS Settings app, go General | VPN. Touch Add VPN Configuration. I selected L2TP and put in my Server name or IP and named the account "home."

NOTE: If you don't want to use your IP address, you can use the dynamic DNS feature built into your Synology, or any one of many dynamic DNS systems that will give you a nice domain like "" or whatever. You can also, if you like, setup a CNAME with your own domain and point it to that dynamic domain. So could be your server, if you wanted.

With L2TP you'll need your username and password, as well as a Shared Secret. That's like another password. Specifically the Secret text box in iOS is the "pre-shared key" from your Synology L2TP VPN setup.

Add VPN in iOS

At this point you'll get a nice VPN option on your Settings app under Personal Hotspot that wasn't there before. You can turn it on and off now, easily.

VPN Connecting in Settings

Once I'm VPN'ed in I can see a [VPN] indicator in the top status bar. I've installed the FREE Microsoft Remote Desktop Client for iOS.

RD Client on an iPhone - Remote Desktop

And here's me VPN'ed into my home PC from my iPhone. This of course, can be done on Android and Windows Phone as well.

Remoted into my desktop at home with RDP

It looks small, but in reality it's very usable, especially from an iPad with a Bluetooth Keyboard.

Setting up L2TP VPN on Windows 8.1

Now I'll setup VPN back to home on my Windows 8.1 machine. For some reason this was super easy in Windows 7, but in Windows 8.1 there isn't a clear way to just add a L2TP VPN. You can add other simpler (or Vendor) VPNs in a straightforward manner, but not L2TP.

Just hit the Windows key (or Start Menu) and type "Add VPN." When you get to the VPN management screen, you'll see this and can fill it out.

Adding VPN

But L2TP VPN setup with a pre-shared key requires some more work. If you know of a simpler way, let me know. I can see about three different ways to get to the same result.

Go ahead and create a new VPN connection with the menu above. Select Microsoft as the VPN type and put in your server address and optionally name and password. This will create the VPN connection.

Pay attention now. Go back to the Start Menu and type "Network Connection." You want the first item called "View Network Connection" (a classic control panel, not a fullscreen 'metro' one).

Opening Network Connections

From there, you'll open a classic control panel and see your VPN connection. Right click and click Properties.

Network Connections with VPN

Click Security, make sure L2TP is set, then click Advanced Settings.

L2TP VPN in Windows 8'

Put your pre-shared key there.

Setting a preshared key

Connect to your home VPN and have fun

Of course, please do remember to use strong passwords, strong pre-shared keys, and change them. Don't be lazy.

At this point you can connect to your home/office and work to your heart's content.

VPN Connection in Windows 8

For some of you this is "duh" or old hat, but for me it was something I just never got around to doing. Mostly laziness prevented. But just last week I had to drive 30 miles back to my house from a dinner in order to move a file from my Desktop into Dropbox. I'm pretty sure I'm not the only reasonably smart techie with a story like that. This VPN setup would have meant I could do that from my phone and it would have saved me a big hassle and over an hour of my time.


About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Refresh Your PC in Windows, AppData, and my missing Minecraft worlds

January 8, '15 Comments [32] Posted in Win8
Sponsored By

I thought I lost everything today. Well, not really, I have a very regular Backup Strategy (stop reading this blog post NOW and back your stuff up!) so I could get stuff back if I really needed to.

But a laptop died today. It just wouldn't start up and I had to run "Refresh my PC," a very cool feature of Windows that basically mostly reinstalls Windows without reinstalling. It promises not to lose your files. And it's (99%) true, because when I got Windows back up later my Documents and Desktop were just as I left them, untouched by the this major operation.

Refresh your PC - Windows 8.1

Fortunately I used Boxstarter, Chocolately, and a list of the programs I have installed as a Gist and was able to get my Windows machine with all my desktop programs back up and running in a few hours. All my files were backed up to the cloud and every file was where I left it.

Except the most important ones. ;)

I launched Minecraft, and saw this. And almost died.

My minecraft worlds are missing!

Where's my Minecraft save games/worlds?

I thought Windows promised to not change my files!? Well, sadly Minecraft doesn't save worlds in "My Documents\Minecraft," where it should. It puts them instead in c:\Users\YOURNAME\AppData\Roaming\.minecraft\saves which is basically like a temp folder of sorts for config data.

Fortunately after my initial freak out, even these files aren't lost, they are in C:\Windows.old\users\YOURNAME\AppData\Roaming\.minecraft\saves along with all your other AppData stuff including the npm-cache, .emacs.d, and other config data you might want.

Move them back, and you're (I'm) all set!

To the (Minecraft) Cloud!


Related Links

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

The real and complete story - Does Windows defragment your SSD?

December 3, '14 Comments [69] Posted in Win7 | Win8
Sponsored By

There has been a LOT of confusion around Windows, SSDs (hard drives), and whether or not they are getting automatically defragmented by automatic maintenance tasks in Windows.

There's a general rule of thumb or statement that "defragging an SSD is always a bad idea." I think we can agree we've all heard this before. We've all been told that SSDs don't last forever and when they die, they just poof and die. SSDs can only handle a finite number of writes before things start going bad. This is of course true of regular spinning rust hard drives, but the conventional wisdom around SSDs is to avoid writes that are perceived as unnecessary.

Does Windows really defrag your SSD?

I've seen statements around the web like this:

I just noticed that the defragsvc is hammering the internal disk on my machine.  To my understanding defrag provides no value add on an SSD and so is disabled by default when the installer determines the disk is SSD.  I was thinking it could be TRIM working, but I thought that was internal to the SSD and so the OS wouldn’t even see the IO.

One of the most popular blog posts on the topic of defrag and SSDs under Windows is by Vadim Sterkin. Vadim's analysis has a lot going on. He can see that defrag is doing something, but it's not clear why, how, or for how long. What's the real story? Something is clearly running, but what is it doing and why?

I made some inquiries internally, got what I thought was a definitive answer and waded in with a comment. However, my comment, while declarative, was wrong.

Windows doesn’t defrag SSDs. Full stop. If it reports as an SSD it doesn’t get defraged, no matter what. This is just a no-op message. There’s no bug here, sorry. - Me in the Past

I dug deeper and talked to developers on the Windows storage team and this post is written in conjunction with them to answer the question, once and for all

"What's the deal with SSDs, Windows and Defrag, and more importantly, is Windows doing the RIGHT THING?"

It turns out that the answer is more nuanced than just yes or no, as is common with technical questions.

The short answer is, yes, Windows does sometimes defragment SSDs, yes, it's important to intelligently and appropriately defrag SSDs, and yes, Windows is smart about how it treats your SSD.

The long answer is this.

Actually Scott and Vadim are both wrong. Storage Optimizer will defrag an SSD once a month if volume snapshots are enabled. This is by design and necessary due to slow volsnap copy on write performance on fragmented SSD volumes. It’s also somewhat of a misconception that fragmentation is not a problem on SSDs. If an SSD gets too fragmented you can hit maximum file fragmentation (when the metadata can’t represent any more file fragments) which will result in errors when you try to write/extend a file. Furthermore, more file fragments means more metadata to process while reading/writing a file, which can lead to slower performance.

As far as Retrim is concerned, this command should run on the schedule specified in the dfrgui UI. Retrim is necessary because of the way TRIM is processed in the file systems. Due to the varying performance of hardware responding to TRIM, TRIM is processed asynchronously by the file system. When a file is deleted or space is otherwise freed, the file system queues the trim request to be processed. To limit the peek resource usage this queue may only grow to a maximum number of trim requests. If the queue is of max size, incoming TRIM requests may be dropped. This is okay because we will periodically come through and do a Retrim with Storage Optimizer. The Retrim is done at a granularity that should avoid hitting the maximum TRIM request queue size where TRIMs are dropped.

Wow, that's awesome and dense. Let's tease it apart a little.

When he says volume snapshots or "volsnap" he means the Volume Shadow Copy system in Windows. This is used and enabled by Windows System Restore when it takes a snapshot of your system and saves it so you can rollback to a previous system state. I used this just yesterday when I install a bad driver. A bit of advanced info here - Defrag will only run on your SSD if volsnap is turned on, and volsnap is turned on by System Restore as one needs the other. You could turn off System Restore if you want, but that turns off a pretty important safety net for Windows.

One developer added this comment, which I think is right on.

I think the major misconception is that most people have a very outdated model of disk\file layout, and how SSDs work.

First, yes, your SSD will get intelligently defragmented once a month. Fragmentation, while less of a performance problem on SSDs vs traditional hard drives is still a problem. SSDS *do* get fragmented.

It's also worth pointing out that what we (old-timers) think about as "defrag.exe" as a UI is really "optimize your storage" now. It was defrag in the past and now it's a larger disk health automated system.

Used under CC. Photo by Simon WüllhorstAdditionally, there is a maximum level of fragmentation that the file system can handle. Fragmentation has long been considered as primarily a performance issue with traditional hard drives. When a disk gets fragmented, a singular file can exist in pieces in different locations on a physical drive. That physical drive then needs to seek around collecting pieces of the file and that takes extra time.

This kind of fragmentation still happens on SSDs, even though their performance characteristics are very different. The file systems metadata keeps track of fragments and can only keep track of so many. Defragmentation in cases like this is not only useful, but absolutely needed.

SSDs also have the concept of TRIM. While TRIM (retrim) is a separate concept from fragmentation, it is still handled by the Windows Storage Optimizer subsystem and the schedule is managed by the same UI from the User's perspective. TRIM is a way for SSDs to mark data blocks as being not in use. Writing to empty blocks on an SSD is faster that writing to blocks in use as those need to be erased before writing to them again. SSDs internally work very differently from traditional hard drives and don't usually know what sectors are in use and what is free space. Deleting something means marking it as not in use. TRIM lets the operating system notify the SSD that a page is no longer in use and this hint gives the SSD more information which results in fewer writes, and theoretically longer operating life. 

In the old days, you would sometimes be told by power users to run this at the command line to see if TRIM was enabled for your SSD. A zero result indicates it is.

fsutil behavior query DisableDeleteNotify

However, this stuff is handled by Windows today in 2014, and you can trust that it's "doing the right thing." Windows 7, along with 8 and 8.1 come with appropriate and intelligent defaults and you don't need to change them for optimal disk performance. This is also true with Server SKUs like Windows Server 2008R2 and later.


No, Windows is not foolishly or blindly running a defrag on your SSD every night, and no, Windows defrag isn't shortening the life of your SSD unnecessarily. Modern SSDs don't work the same way that we are used to with traditional hard drives.

Yes, your SSD's file system sometimes needs a kind of defragmentation and that's handled by Windows, monthly by default, when appropriate. The intent is to maximize performance and a long life. If you disable defragmentation completely, you are taking a risk that your filesystem metadata could reach maximum fragmentation and get you potentially in trouble.

Related Links

* photo by Simon Wüllhorst, used under CC BY 2.0.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Video: My non-technical partner tries Windows 10 for the first time

October 23, '14 Comments [23] Posted in Win10 | Win8
Sponsored By

You may have watch my YouTube series on being an effective user of Windows 8 and 8.1. I've made a short URL for you to give to your friends and family It'll take you to a YouTube Playlist that includes all my best tips and tricks on using Windows. The most popular is "Learning Windows 8 in 3 minutes" but if you're looking to get yourself, or perhaps non-technical Dad and Mom up to date on Windows 8, I recommend they check out "Windows 8: The Missing Instruction Manual." It's calmly paced and explains everything they'll need to know.

A lot of people say "Windows 8 isn't intuitive." That's up for debate, I think, as there's a big difference between unfamiliar and unintuitive. A few minutes of your time and you'll feel a lot more "intuitively" about Windows.

That said, Windows 10 is coming. If you have an extra machine you can sign up for the Preview here. It's very early and I would not put this on your primary machine.

I thought it would be interesting to show my very smart, but rather non-technical wife Windows 10 for the first time. Here's an uncut video of her experience running the first build of the Windows 10 Technical Preview.

I encourage you to watch it, it's rather interesting the way that she discovers "new" features, but also learns about existing features from as far back as Windows 7. If you've ever do a usability test you'll find the interactions fascinating.

And again, do check out and share

Sponsor: Big thanks to my friends at Octopus Deploy. They are the deployment secret that everyone is talking about. Using NuGet and powerful conventions, Octopus Deploy makes it easy to automate releases of ASP.NET applications and Windows Services. Say goodbye to remote desktop and start automating today!

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb
Page 1 of 6 in the Win8 category Next Page

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.