Surface Pro

SCCM 1706 Feature Favourite – Managing Surface Drivers

Posted on Updated on

As many of you know, I am the cohost of the Universal Windows Podcast that started as the SurfaceSmiths Podcast – focussed on the Microsoft Surface.

I still use a Surface Pro 3 and many of my customers use SCCM to manage Surface devices. In fact, The Surface Pro is the tablet of choice in the Canadian federal government. So how is this related to SCCM 1706? While there are many new features in SCCM 1706 that you can read about here, there is a pre-release feature that is particularly interesting to anyone that has to manage Surface devices. The feature provides the ability to manage MS Surface driver updates with SCCM.


  • All software update points must run Windows Server 2016.
  • This is a pre-release feature that you must turn on for it to be available. For more information, see Use pre-release features from updates.

To manage Surface driver updates

  1. Enable Synchronization for Microsoft Surface drivers. Use the procedure in Configure classification and products and select the Include Microsoft Surface drivers and firmware updates checkbox on the Classifications tab to enable Surface drivers.
  2. Synchronize the Microsoft Surface drivers.
  3. Deploy synchronized Microsoft Surface drivers

How to Train your Surface

Posted on Updated on

A lot of people I speak to would like to use the inking features of Windows 8.1 and their surface – especially the Ink-to-Text feature of OneNote however they struggle to make the process efficient for them and get frustrated when things don’t work out as expected. One of the biggest frustrations is not having your handwriting properly recognized by OneNote.

I’ve spoken about the feature in Episode 4 of the Surface Smiths Podcast and in Episode 5, I speak about the Surface App that you can use to customize the pen sensitivity to better suit your writing style and in Episode 6 6, I speak about how to train your surface to better recognize your handwriting.

This blog post provides step by step instructions on how to personalize the handwriting recognition in Windows 8.1 and the MS Surface Pro. These instructions should also work on the Surface 3 however I haven’t tested them.


  1. You already know how to use OneNote and how to use the Ink-to-Text Feature. If you don’t, please refer to Surface Smiths Podcast – Episode 4 or the MS Surface FAQ
  2. You have a working Surface Pen that is synced to your device
  3. You have about an hour to go through all of the training. Don’t worry if you run out of time, you can save and complete it later if you need to.


  1. Open Control Panel
  2. Select Language
  3. Select Options beside the language that you will be writing in (easier if you only have one language installed)

  1. Select Personalize handwriting recognition (If you have more than one language installed, you may get prompted to Choose the language for handwriting recognition personalization)
  2. Select Teach the recognizer your handwriting style
  3. You will be prompted to train on both Sentences and Numbers, Symbols and Letters through a series of wizards. Get to work!

    The sentences training panels will look similar to this based on your language selection:

Notice that there are fifty screens to complete

The Numbers, Symbols and Letters training panels will look similar to this:

Notice that there are nine screen to complete

IF things don’t work out perfectly, you can fine tune the recognition for specific errors or restart the training from scratch.

New Children in the Surface Pro 3 Family of Devices

Posted on Updated on

Surface Family Tree

Microsoft just announced a new model to the Surface Pro 3 family of devices. It is the Intel Core i7 with 8GB of RAM and a 128GB SSD. Previously the i7 models were only available with either a 256GB or 512GB SSD.

Here’s what the modern Surface Pro 3 family looks like now:

Processor Memory Storage
Intel Core i3 4GB RAM 64GB SSD
Intel Core i5 4GB RAM 128GB SSD
Intel Core i5 8GB RAM 256GB SSD
Intel Core i7 8GB RAM 128GB SSD
Intel Core i7 8GB RAM 256GB SSD
Intel Core i7 8GB RAM 512GB SSD

And of course there’s the other branch of the family, the Surface 3, announced last month at Microsoft Ignite and currently available in four flavours including two new LTE models released this month:

Processor Memory Storage LTE
Intel Atom x7-Z8700 2GB RAM 64GB SSD Yes
Intel Atom x7-Z8700 2GB RAM 64GB SSD No
Intel Atom x7-Z8700 4GB RAM 128GB SSD Yes
Intel Atom x7-Z8700 4GB RAM 128GB SSD No

This generation of the Surface family tree is growing quickly. I guess success breeds new devices.

So who do the new devices appeal to? Sales figures will ultimately determine that but my guess is that the new i7 is targeted at somebody that prioritizes price and performance over storage (remember that the SP3 has a SD slot and has a USB3 port). If most of your data is stored on a corporate network, OneDrive or some other location, this may be a reasonable compromise.

The LTE devices are targeted at vertical applications that require constant connectivity (think jobsite) or the user that doesn’t want to tether to a mobile phone (for any number of reasons, data plan, battery, etc.).

Let me know the use cases that you think these devices would be good for and I will discuss them on an upcoming episode of the Surface Smiths Podcast.

Small Logo

Managing Windows 8.1 and the MS Surface in the Enterprise – Part 2: Deployment with System Center Configuration Manager

Posted on Updated on

I’ve been selected to deliver a session next month as part of the Microsoft MVP Virtual Conference – You can register here. My session is focussed on the managing the MS Surface in the Enterprise and as part of my preparation I’ve been assembling lots of nuggets that will be scattered throughout the presentation. This blog post series is an attempt to aggregate some of the more significant pieces from the session that may have broader appeal.  This is the second installment in the series.  Here is a link to part 1 – Who’s Minding the Store.

As more and more organizations are deploying Surface devices there are some special considerations when deploying with Configuration Manager:

  1. Since the Surface doesn’t have a physical NIC, if you will probably need a USB NIC or docking station. If you are reusing the same dock or USB NIC, Configuration Manager will need to have the MAC address of the NIC cleaned out after each deployment. This blog provides more information on the issue and provides a script that can be used for the cleanup.
  2. The Surface Pro 3 Class 3 UEFI device. In order to support PXE bot for such a device Windows Deployment Services(WDS) must be at least Windows Server 2008R2 with Windows Server 2012 Boot image (Windows Server 2012R2 WDS with 2012R2 boot image is recommended)
  3. DHCP Scope Options 66/67 will not work with mix of BIOS and UEFI systems. Ip helpers must be used instead.

You may want to download the Deployment and Administration Guide for Surface Pro 3.

Decision Time: Surface 3 or Surface Pro 3?

Posted on Updated on

I’m at Microsoft Ignite this week and I have been attending some great sessions. Yesterday (Surface 3 launch day) I attended a session by Cyril Belikoff from the Surface team. I asked him for some guidance on which use cases were better suited to the Surface 3 and the Surface Pro 3. He happened to have a slide available that explained the way the Microsoft thinks about it. I stole borrowed elements of the slide to create the image above. What it boils down to is that there is a spectrum of needs and requirements. People need a laptop but want a tablet. Depending on their use case, they may be better served at the “tabletty” end of that spectrum of the “laptoppy” end of the spectrum. The Surface 3 is closer to pure tablet end of the spectrum while the Surface Pro 3 is closer to the pure laptop end.

Managing Windows 8.1 and the MS Surface in the Enterprise – Part 1: Who’s Minding the Store?

Posted on Updated on

Love it or hate it, but Windows 8.1 was intended to be both a desktop and “device” operating system. There have been many articles written about how well it succeeds or fails at one or both of those objectives. Regardless of how you feel about Windows 8.1, if you are tasked with managing it in you enterprise, you don’t need another rant / rave post. You need some guidance on how to manage some of the intricacies that Windows 8.1 and some device form factors like the Surface bring into play. That’s what this series of posts aims to do.

I’ve been selected to deliver a session next month as part of the Microsoft MVP Virtual Conference – You can register here. My session is focussed on the managing the MS Surface in the Enterprise and as part of my preparation I’ve been assembling lots of nuggets that will be scattered throughout the presentation. This blog post series is an attempt to aggregate some of the more significant pieces from the session that may have broader appeal.

As part of Microsoft’s attempt to create an OS that is appealing to tablet device users, Microsoft introduced the Windows Store. The Windows Store is Microsoft’s version of Google Play, Apples iTunes App Store, the Amazon Appstore for Android and many other sources for device based apps. The current incarnation of the Windows Store showcases Modern UI (formerly known as Metro) applications.

Like the other AppStores, the Windows store is designed for consumers to purchase applications to run on their devices. Unlike the other AppStores, the Windows Store model needs to coexist with legacy software delivery methods in use by enterprise IT departments such as SCCM.  While inconvenient, this is not a knock against the Windows Store.  Other platforms don’t have this issue because they don’t have any legacy applications or enterprise software delivery models.

What can we do Today?

For now there are really two methods for managing Modern Apps in an enterprise setting:

1. Sideload the application

  • Requires Certificate to sign the app since it will bypass the store validation
  • Requires .Appx Bundle from the application developer / vendor
  • Applications can be inserted into image with DISM
  • Applications can be distributed with System Center Configuration Manager

2. Deep Link the application

  • Requires Windows Store account for each user (does not need to be linked to domain account)
  • Associates application with user
  • Applications cannot be included in image
  • Still requires some user input (not truly silent)

Access to the Windows store can be controlled through group policy.

If you choose to permit users to access the store there is still the ability to restrict or allow specific applications with AppLocker.

Coming with Windows 10

Microsoft has announced that this will get easier with Windows 10. Organizations will be able to setup a private “boutique” within the Windows Store and curate which applications their users will be able to browse and install. Organizations will also be able to use a single store account to make volume purchases and download the installation files and distribute them in ways that make sense for their use cases (machines without internet access, reassigning applications, etc.).

The Microsoft Surface FAQ

Posted on Updated on

The following is a copy of the content you would have found if you followed the link above to Microsoft Surface FAQ today.  The FAQ is evolving and I have been adding content regularly.  I feel it now has sufficient content to post a copy of it as a blog post to inform you about it.  Bookmark the actual FAQ for future reference as this post will be static but the FAQ won’t be.


This is a series of questions and answers cobbled together from questions I have been asked, questions on Reddit and questions on SurfaceForums.Net.  It is still a work in progress.  If you find it helpful please share with others (if you don’t find it helpful, share it with somebody you don’t like).  If you have any questions that you would like to see here, please leave a comment.

BTW – a great resource for Surface owners and prospective Surface owners is

What’s the difference between Surface RT and Surface Pro?

My friend can install Windows 7 programs on his Surface Pro. Why can’t I install them on my Surface RT/Surface 2?

How do I use CTRL+Fn keys like I do on a normal keyboard?

Can I use the Surface Pro 1/2 pen with the Surface Pro 3?

My speakers aren’t loud enough.  How can I increase the volume?

How can I extend the battery life on my Surface?

Are Picture Passwords secure?

How do I enable a Picture Password?

How can I convert handwriting to text?

How can I connect my Surface to a wireless display?

How can I use the Surface Pro pen for navigation?

My Surface only has a headphone jack. How can I connect a microphone to it?

How can I improve my battery life?

How can I monitor my battery usage?

What’s the difference between Surface RT and Surface Pro?

Surface RT (and Surface 2) run Windows RT. Windows RT is a special build of Windows that only runs on the ARM processor architecture. The Surface devices with “Pro” in their names (Surface Pro, Surface Pro 2 and Surface Pro 3 at the time of this writing ) run the same versions of Windows available for desktops and laptops.  This version of Windows is designed to run on the Intel x64 architecture and run Windows 8.x using the same binaries as Windows 8.x on a normal desktop or laptop computer. The RT is more like  a traditional tablet with long battery life, running cooler, and instant on.  Of course the dimensions are a little different as the RT is slimmer than the Pro.

My friend can install Windows 7 programs on his Surface Pro. Why can’t I install them on my Surface Rt/Surface 2?

Just as the version of Windows that runs on the Arm processor is different, so are the binaries for the applications that run on the different processor architectures.  The application would need to be recompiled to and potentially modified to run on Windows RT.

How Do I use CTRL+Fn keys like I do on a normal keyboard?

Press the Fn key at the same time as the function keys to have them act as normal function keys. You can also toggle them between special/normal by pressing Fn and CapsLock.

Can I use the Surface Pro 1/2 pen with the Surface Pro 3?

The Surface Pro 3 switched from the Wacom pen technology to the n-Trig pen technology.  As a result, while the pen used with the Surface Pro 1 and 2 is interchangeable with each other, the Surface Pro 3 pen cannot be used on earlier models and the Surface Pro ½ pens will not work on the Surface Pro 3.  Windows RT devices do not support either the Wacom or the n-Trig pens.

My speakers aren’t loud enough.  How can I increase the volume?

Turning on the loudness equalization might help.  Navigate to Control Panel, click Sound > click on Speakers click on Properties click the Enhancements tab, select the Enable check box.

How can I extend the battery life on my Surface?

There are several ways you can extend battery life—reduce the brightness of your screen, unplug USB devices you aren’t using, or turn off Wi-Fi and Bluetooth if you don’t need it for a while. If you have Surface Pro (1, 2 or 3) you can also save your battery by enabling a power-saving power plan. For more info about your Surface battery, see:

Are Picture Passwords secure?

That depends.  They definitely harder to crack through automated brute force attack methods than a text based password.  For more information on the security of Picture Passwords see here

How do I enable a Picture Password?

  1. Swipe in from the right edge of the screen, tap Settings, and then tap Change PC settings.  (If you’re using a mouse, point to the lower-right corner of the screen, move the mouse pointer up, click Settings, and then click Change PC settings.)
  2. Tap or click Accounts, and tap or click Sign-in options.
  3. Under Picture password, tap or click Add.
  4. Sign in with your Microsoft account info, then follow the steps on the screen to choose a picture and pick your gestures.

Follow this link to for more detailed information about how to enable Picture Passwords

How can I convert handwriting to text?

OneNote has the ability to convert handwriting to text.  On the draw menu, simply select the Ink to Text button on the ribbon.

How can I connect my Surface to a wireless display?

Windows 8.1 has support for Miracast that allows devices to connect to a display using wireless technology . If you have a compatible display (or a wireless display adapter such as this one or this one) you can connect tot he display and either extend your display or duplicate it following these steps:

  1. Add the Display to your Surface
    1. Swipe in from the right edge of the screen, and then tap Devices.
      (If you’re using a mouse, point to the lower-right corner of the screen, move the mouse pointer up, and then click Devices.)
    2. Tap or click Project, and then tap or click Add a wireless display.
    3. Choose the wireless display in the list of devices found, and follow the instructions on the screen.
  2. Project your screen to the device that has been added
    1. Swipe in from the right edge of the screen, and then tap Devices.
      (If you’re using a mouse, point to the lower-right corner of the screen, move the mouse pointer up, and then click Devices.)
    2. Tap or click Project, and then tap or click the wireless display you want.

For more detailed information read this article.

How can I use the Surface Pro pen for navigation?

Hover pen above screen: Moves the mouse cursor around, allowing you to perform mouse hover actions.
Tap pen on screen: Performs a left-click.
Press on screen and hold down: Performs a right-click after a moment’s wait.
Hold button on pen and tap pen on screen: Performs a right-click immediately.

My Surface only has one audio jack. How can I connect a microphone to it?

The 3.5mm audio jack on the Surface supports both output (headphones and speakers) and input (microphones) using a single connection.  There are four options for attaching a microphone to your Surface:

  1. Connect a combo headset/microphone that uses the a single 3.5mm jack.  These are commonly used with smartphones.
  2. Use a splitter to create two separate jacks:  one for input and one for output.
  3. Use a bluetooth to connect a headset/microphone.
  4. Use a USB microphone/headset.

How can I improve my battery life?

There are many factors that affect battery life.  The following are some easy ways to help improve battery life:

  1. Make sure you have the latest firmware
  2. Use lower screen brightness settings as appropriate.
    1. You can set it manually from the Charms>Settings>Screen or Fn+Del / FN+Backspace.
    2. You can also setup a powerplan that automatically dims the display based on battery level and/or ambient light conditions fromControl Panel>All Control Panel Items>Power Options>Edit Plan Settings>Change Advanced Settings
  3. Avoid using Chrome.  Many Surface users have reported high CPU and fan usage when using Chrome (especially multiple tabs).  This may not be an issue in the future.

How can I monitor my battery usage?

If you want to get an idea of how you use your battery, how it fast it discharges and charges and other useful information (usage, expected life, etc.)simply run the following command to generate the file battery_report.html on your desktop:

powercfg /batteryreport /output %USERPROFILE%\Desktop\battery_report.html

Managing Surface Pro Drivers and Firmware in the Enterprise

Posted on Updated on

Cut to the chaseSurface Pro 3 January Cumulative Driver & Firmware Update Avaialble as MSI

Microsoft’s Surface Tablet/hybrid has been steadily gaining traction in as both a consumer device and a business tool. I use mine for both personal and business use. I haven’t turned on my iPad in over 5 months and I’m only using my laptop as a test bed for pre-release versions of Windows 10. My Surface Pro 3 has become my go to device. My mobile phone and Surface meet 95% of my requirements without any compromise.

Microsoft has been rolling out Surface drivers and firmware updates through the Windows Update service. This works great for personal devices but IT departments have struggled to keep the devices updated using their traditional tools.

Problem Statement

Enterprises need the ability to roll out Surface Updates with procedures that adhere to best practices and integrate into the processes that are already in place for other domain joined devices such as Windows Intune and System Center Configuration Manager (SCCM).

The Homebrew Solution

What does a smart Sysadmin do to solve the problem? He (or she) builds their own cumulative update payload that includes all updates including (patches, firmware, and drivers). Make it easy to manage and install in unattended mode with a smart wrapper like PowerShell or Windows Installer / MSI.

The Microsoft Solution

Microsoft has released a solution that meets all of the requirements of the homebrew solution but you don’t have to build it yourself.  Here’s a link to the January payload. There are multiple files that can be downloaded from the link. Select the Surface Pro 3 January 2015

It will install all drivers and firmware that have been released through January 2015. As new updates are released new MSI files will be available for download.

Some notes:

  1. It doesn’t contain all Surface Pro 3 drivers, just the driver updates
  2. Touch firmware updates are not included
  3. It will create an entry into add/remove programs
  4. There is an option that allows the installation operations to be logged verbosely for troubleshooting

Here’s a good post with a step-by-step that explains how to use the MSI with System Center Configuration Manager (SCCM) and System Center Updates Publisher (SCUP).


Surface Pro 3 – January Update Available – Wi-Fi Better?

Posted on Updated on


This week, another firmware update was released for the Surface Pro 3.  As I had reported previously, I’ve been plagued with Wi-Fi reconnection issues on my Surface Pro.  I’ve been able to live with it by understanding some of the issues and making adjustments but they have felt like a compromise so far.  The two adjustments I’ve are:

Hyper-V – I use Hyper-V quite a bit and one of the known issues is Hyper-V not playing nice with Connected Standby.

Home Wi-Fi Configuration – I’ve made some changes to my home network to try and work around some of the issues.  You can read about them in a separate post.

Today, I received the latest firmware update to my device and the Wi-Fi seems more stable so far.

Surface firmware updates are available as part of the Windows Update Service.  If you rely on this service, the update availability is staggered so not all devices will have updates available to them at the same time.  I just got the January 15th payload this morning.  January 17th.

In another post I will update you on a more enterprise friendly method to manage firmware and driver updates that relies on MSI files.

So what’s in the January 15th, 2015 firmware update for the Surface Pro 3?  Here’s a brief overview.

  1. Surface Pro UEFI update (v3.11.450.0) adds support for updated HD Graphics Family driver.
  2. HD Graphics Family driver update (v10.18.14.4029) enhances display stability and performance, improves user experience when using Miracast adapters. Improves compatibility with DisplayPort monitors and daisy chaining.
  3. Wireless Network Controller and Bluetooth driver update (v15.68.3073.151) addresses connectivity issues while Hyper-V is enabled. Adds an advanced feature to control the 2.4Ghz and 5Ghz band preference.
  4. Surface Home Button driver update (v2.0.1179.0) ensures compatibility with the Surface Hub app.
  5. Microsoft Docking Station Audio Device driver update (v1.31.35.7) improves the user experience while using the Surface Pro 3 Docking Station so that sound is available when a speaker is not connected to the docking station.

For more detailed information on all firmware updates for the device, checkout the Surface Pro Firmware update history.

Happy Wi-Fi, Happy Life

Posted on Updated on

Since I started using my Surface Pro 3, I’ve been wondering if my home Wi-Fi setup was partly to blame for my connectivity frustrations.  In this post I share some of the lessons I’ve learned while trying to get the most out of my mobile devices and my home network.

I can remember buying my first Wi-Fi router back in 1998. I spent about $500 for a Linksys 802.11b device. Back then I was one of about 40 people in my city that had residential broadband as part of a pilot project. Since then I’ve had at least a half a dozen different access points at least three from Linksys but also others from Netgear, TrendNet, D-Link, Belkin, Asus etc.

I’ve never had any real problems with my Wi-Fi network until last few years. Probably due to the proliferation of Wi-Fi in all sorts of consumer devices creating congestion in the 2.4GHz band. Add to that my stable of Microsoft Surface devices with flakey Marvell Wi-Fi drivers and it’s a recipe for frustration with something that I had come to rely on and taken for granted for over a decade.

As my family has grown I’ve had to give up my dedicated home office space and move my networking gear into a utility room in the basement. Another side effect of a growing family is a proliferation of wireless gadgets (Six Tablets, three laptops, three MP3 players, four mobile phones, two Xboxes, three eReaders, etc. – well I guess I’m the major cause of that but let’s blame the wife and kids just a little.

So what have I done to reduce my Wi-Fi headaches?

  1. Repeater – I added a Cisco repeater on the main floor to help get signal to the far flung reaches of the estate. I’m Cisco Linksys RE100 Range Extender. I configured it to use the same SSID as by WAP. Although this works I may have created some issues for myself:
    1. When devices first connect to the network they select an access point based on signal strength. This may not be optimal as the repeater introduces some delay and selecting the base station might provide better performance even with a weaker signal.
    2. When roaming the client devices may not release the original access point at the optimal time/location when mobile. They will typically hold on to the current access point until the signal is excessively weak.
  2. SSID – I’ve been hiding (not broadcasting my) SSID for as long as I’ve had an access point that supported the feature. At one point I had even configured an old WAP as a honeypot (I stopped when the number of visible SSIDs on my street topped 2 dozen. It turns out I may have been creating some additional problems for myself. I have recently learned the SSIDs were never designed to be hidden and the security through obscurity effect is minimal if present at all. Long story short: I no longer hide my SSID.
  3. 2.4GHz vs. 5GHz – Similarly to the repeater configuration, I had been configuring both my 5GHz network and my 2.4GHz network to use the same SSID. Again, while this is supported, it can be sub-optimal. It turns out that most wireless devices do not prioritize 5GHz over 2.4GHz so it will select one network over the other based on which beacon it sees first. I now use a different SSID for each frequency.

I don’t actually use a repeater/extender anymore. Since I’ve moved to an ASUS AC1900 RT68u I’ve found that the range is more than adequate for our manse.


So what are the lessons learned?

  1. Avoid using the same SSID for a range extender and a WAP
  2. Avoid blocking the broadcast of the SSID
  3. Avoid using the same SSID for both 2.4GHz and 5GHz networks.

I’m not a networking expert but I know enough to get myself into trouble. I hope these tips can help you stay out of trouble and get the most out of your Surface and other wireless devices.