Page tree
Viewable by the world
Skip to end of metadata
Go to start of metadata

IT Spotlight


Microsoft has taken a different approach to updating Windows 10, as they release major builds twice a year. Each build will have an end of lifecycle and will cease to be supported as defined by their End of Service date. Users should know that they must regularly commit to updating their Windows 10 operating system or risk cyber threat and/or block.

Microsoft has published the Windows 10 lifecycle fact sheet (, see the table below.

Windows 10 version history

Date of availability

End of service

Windows 10, version 1709

October 17, 2017

April 9, 2019**

Windows 10, version 1703

April 5, 2017

October 9, 2018**  

Windows 10, version 1607

August 2, 2016

April 10, 2018**

Windows 10, version 1511

November 10, 2015

October 10, 2017**

Windows 10, released July 2015 (version 1507)

July 29, 2015

May 9, 2017

Thanks to Berkeley Lab BigFix and support from our LBL Active Directory and our Windows Server Update Service (WSUS), we have discovered 43 Windows computers that have not updated their Windows 10, version 1511 operating system. These systems must update immediately. IT User Support will be reaching out to these users in the next week to provide any support needed with their Windows 10 update.

To find out about the your Windows 10 version, see Which Windows operating system am I running? (

Users should be mindful regarding Windows Updates:

  • Backup your system before doing your Windows Update, you can use Druva inSync from our software download page,

  • Update files can be big and may take some time to download

  • Once the Update starts to download you can minimize it and continue working

  • When the download is complete it will ask for a reboot, you can pause or reschedule for the end of the day (Note: update will not finish without a reboot)

  • Application of system settings after a Windows Update may require another 15-30 minutes after you reboot and login

Users can request help with updating their Windows 10 system by clicking on the link below.

Remember do not push off updating your computer, update regularly!



This project was possible because IT identified affected systems with Berkeley Lab BigFix. To get Berkeley Lab BigFix for your computer, please visit

Microsoft ceased mainstream updates for Windows 7 on January 13, 2015. Since then, Windows 7 continues to receive extended security updates; however Microsoft will cease all updates to WIndows 7 on January 14, 2020. This is detailed in the Windows Lifecycle Fact Sheet (

IT User Support typically deploys workstations with a planned three-year service life. Because security updates to Windows 7 will stop in less that two years, Windows 7 systems are no longer being deployed. In particular, IT User Support will only deploy new and repurposed systems running Windows 10.  All repurposed systems that originated with a Windows 7 license will be required to upgrade to Windows 10. Windows 10 licenses can be purchased from our software download site,, for $138.62.

All users should begin to plan for replacing all WIndows 7 installations by February, 2020.

Users may want to consider switching to Chromebooks for office and remote work. These lightweight and inexpensive systems work with all Google G Suite and Microsoft Office 365 applications, and provide remote access capabilities to Windows systems. Chromebooks are very easy to use, and provide excellent security, and cost much less than a comparable Windows laptop.

Users can contact IT User Support for more information by clicking the link below.



This project was possible because IT identified affected systems with BigFix. To get BigFix for your computer, please visit

Lenovo has issued a recall on ThinkPad X1 Carbon 5th Generation laptops (Machine Types: 20HQ, 20HR, 20K3, 20K4) sold before Nov 1, 2017.

Lenovo has determined that a limited number of such laptops may have an unfastened screw that could damage the laptop’s battery causing overheating, potentially posing a fire hazard.

Lenovo has provided a support page where you can check to see if your model has been recalled, see

If you have any questions, please feel free to contact IT at or click on the link below to submit a help ticket.


Apple announced last year that they are beginning to phase out support for 32-bit applications for macOS. Beginning in January 2018, the Mac app store will no longer accept any 32-bit apps. Starting with macOS High Sierra 10.13.4, Apple will begin warning users about installed applications that are 32-bit, but will continue to run them without problems.

Apple has not yet announced the release date of macOS 10.14, or when Mac users will no longer be able to run 32-bit applications.

It is recommended that all users review their current software, and begin working with vendors to determine whether 64-bit support will be added, and whether you should budget now for an upgrade.

To check if an application is 32-bit or 64-bit do the following:

  1. Type “Command ⌘ + Space bar”, or click the magnifying glass in the menu bar, to launch Spotlight

  2. Type in System Information and hit Enter when it shows up

  3. Scroll down to the Software section in System Information

  4. Click Applications and wait for your applications to load

  5. The column to the far right in the Applications table will give you a simple, "Yes" or "No" answer as to whether or not your app is 64-bit

As for Windows users, Microsoft has not announced any plans to deprecate 32-bit support for Windows, but users should begin to review Windows applications also.

Related Articles

We’ve all heard the stories about major data breaches at some of the largest online businesses.  3 billion Yahoo customers had their usernames and passwords compromised leaving those users vulnerable to hackers. Target was breached in 2013, exposing the information of 41 million customers.

A strong password is no longer enough to protect you and your data. Multi Factor Authentication (MFA) provides a second layer of security beyond your username and password. Think of it this way: your username and password are “something you know.” MFA requires both “something you know” and “something you have.” At Berkeley Lab, the “something you have” is a physical token that will generate a unique one-time password (OTP). Under MFA, a hacker who has your credentials still can’t access your account, because they lack “the something you have.”

Berkeley Lab has implemented MFA protection for your Berkeley Lab Identity. As a computing best practice and to help protect you against credential theft, you can choose to add MFA protection for your Single-Sign-On (SSO) logins, such as Gmail, Google Calendar, Google Team Drive, LETS, HRIS, etc.

To adopt MFA for your account, follow these simple steps:

  1. Update your Notification Information at

  2. Set up Google Authenticator

  3. Get a YubiKey token by either

    1. submitting a ticket to

    2. attending an IT workshop in your area

  4. Enable MFA by checking “Opt-in to MFA” at

Detailed instructions are available in the Multi Factor Authentication Instructions page.

For additional help, create a ticket by emailing

Related Sites


The IT User Support Group has had several calls from customers this morning regarding the endless reboot loop of their system after installing the latest High Sierra macOS update. Error message is,

“The path /System/Installation/Packages/OSInstall.mpkg appears to be missing or damaged. Quit the installer to restart your computer and try again.”

The system then enters an endless reboot and does not let you log into the computer.


  1. Ensure you have a backup of your computer
  2. Turn off your computer
  3. Holding down the "Option" key, reboot your computer
  4. From the boot menu provided, select your hard drive, i.e. Macintosh HD or the name of your hard drive
  5. Log into your computer
  6. Open a browser and download the 10.13.2 Combo Update via
  7. Install the update
  8. Reboot your computer

If you have any questions. please feel free to contact IT at or click on the link below.


Backup Solution

Go to the software download page and request a Druva inSync backup account. For more information see, Backups.

Generating, remembering and maintaining unique passwords is challenging and nearly impossible today. As the number of mandatory passwords, password length, and password complexity increases, it becomes harder to remember them without relying on risky alternatives such as writing passwords down or reusing passwords for more than one application. Reuse of a password is one of the biggest security vulnerabilities today. Given the recent high profile breaches of company’s user data, if you reuse a password on more than one site you are at risk for all your other sites. Do you know where you reuse your password?

The solution to address this problem is a password manager. Berkeley Lab has now adopted LastPass as an enterprise password manager and you can download it for free from our software download page,

LastPass resides in your browser and helps you store, manage, and automatically provide account name/password information to web-based applications.  As you enter your credentials, LastPass automatically stores it in your safe, encrypted vault.  When you are prompted to provide your credentials, LastPass will automatically identify the correct username and password to enter. Access to your vault is through your “master” password. Your master password is the only password you need to remember.

LastPass has additional features:

  • The ability to sync your vault across any device on any platform at any time

  • The ability to utilize multi-factor authentication

  • The ability to share logins and passwords safely across an organization

  • The ability to run a security check against your password vault to determine where there are duplicates and weaknesses

Don’t wait to get compromised, get your copy of LastPass today.

Related News

IT always cautions users to never upgrade your operating system until you do the following:

  • Ensure you have a full backup of your system just in case you need to roll back

  • Ensure all your current versions of software and peripherals are compatible with the new operating system, see for compatibility tables

For Operations Mac users, IT blocked the upgrade to High Sierra due to incompatibilities with Office 2011, Office 2016 (v15.34 and below), Spirion (formerly known as Identity Finder) and Sophos. IT has now confirmed that Office 2016 v15.35 and higher, Spirion and Sophos are now compatible with macOS High Sierra. IT has now:

  • Allowed the installation of macOS High Sierra to be installed on all systems with Office 2016 version 15.35 and higher

  • Has blocked macOS High Sierra to be installed on systems with Office 2011

IT recommends that users of systems running compatible versions of these applications upgrade to High Sierra. If, following the upgrade, an application is not behaving as expected, users should reinstall the affected application and repeat the testing. While a reinstall of the your software should usually address the issue, problems may persist. If this does not resolve the problem, please open a help ticket via the link below.


This project was possible because IT identified affected systems with BigFix and Casper. To get BigFix for your computer, please visit

Related News

MacKeeper is a well-known utility suite for macOS, which is typically installed by users looking to improve the performance of their system. MacKeeper is known to use aggressive marketing techniques, and has a very poor track record in terms of security, and in its ability to perform as advertised. Further, MacKeeper has been known to destabilize a Mac, undermining its stated purpose.

MacKeeper is increasingly seen as malware because of its pervasive pop up ads and can even be considered spyware. Sophos reported Mackeeper as 2017's most prolific potentially unwanted program on the Mac. Most alarmingly, Mackeeper has a very poor record on security. For example:

With the help of BigFix, we have identified users with MacKeeper on their systems. We will be reaching out to those Lab employees to let them know that we wish to remove MacKeeper from their systems for security reasons. Communication will occur prior to any action.

If you have any questions. please feel free to contact IT at or click on the link below.


This project was possible because IT identified affected systems with BigFix. To get BigFix for your computer, please visit

Related news

Do you want to:

  1. Increase your computer security, and reduce the effort needed to keep it that way?

  2. Inventory and report potential computer software and hardware issues?

  3. Help find and track your computer assets?

BigFix can help! In fact, Berkeley Lab IT has BigFix deployed on over 4000 Windows, Mac and Linux systems across the Lab. We recommend that all employees install BigFix on all desktop and laptop systems at the Lab. To get started now, install BigFix from

The single most important thing you can do to protect your system is to keep the operating system and all applications up to date with the latest patches. Hackers target computer running obsolete operating systems and applications, which have well-known and easily-attacked vulnerabilities. For example, if you are running an older web browser, email program, image viewer, instant messaging, or even media player, your system is susceptible to infection with no action on your part other than viewing a malicious site. By installing BigFix, you can be sure that your system will always be running the latest version of the operating system and the most commonly compromised applications. For more information, see

BigFix is also used to detect and report on common issues with your system, including low disk space, vulnerable programs, and even failing hard drives. IT User Support can then proactively help you address these problems before disaster strikes! For example,

  • In October 2017, the popular system utility CCleaner was hacked, and malware was embedded into the newest updates. We were able to identify who had CCleaner installed, notify users of the vulnerability, and help them clean up their systems. For details, see

  • In October 2017 Microsoft released a Windows patch that could cause a computer to fail boot. IT User Support was able to identify these systems, and worked with the users to ensure that reboots were done in a way that wouldn’t impact their work.

BigFix is also being used in the Lab’s current Wall-to-Wall inventory campaign! Any DOE-barcoded system running BigFix and on the LBL network can be automatically checked in to SunFlower, saving your property rep from having to manually scan the barcode. This pilot program is currently under development by the IT and CFO divisions.

For these and many other reasons, we encourage you to install BigFix on your computer systems. BigFix is available from

If you want further information regarding BigFix or need help installing BigFix, enter a help ticket by clicking on the Request Help link below.



As reported yesterday, there's a major security flaw in Apple's newest operating system, High Sierra. The bug allows anyone to gain complete administrative access to the computer when using “root” as the username with a blank password. Berkeley Lab's Cybersecurity team has released this information, Apple OSX High Sierra 10.13 authentication bug.


Apple has released an updated labeled Security Update 2017-001, Ensure you install the update.

BigFix Deployed Apple Update

As of this 11/30/2017 AM, we had some users who had not installed the Apple security update. BigFix discovered these systems and installed the update automatically.

Cyber Security recently changed Berkeley Lab Identity password requirements. The changes included:

  • Your passphrase must be at least 14 characters
  • Your passphrase must pass a strength check that disallows repeated / sequential characters, keyboard patterns, and other trivial passwords
  • Your passphrase must be changed every 12 months, rather than 6 months

For more information see Password Requirements - 2017 Update.


Microsoft recently announced that Windows devices may fail to boot after installing Windows 10 Updates that were released on October 10 2017. This is the result of a problem on Microsoft's end in publishing the updates with IDs KB4041676 and  KB4041691. Microsoft has since revoked these updates, and has provided solutions for affected systems, as detailed below. Functional versions of these patches have since been released. It is estimated that as many as 265 Windows 10 systems running at Berkeley Lab may be impacted. These systems were identified because they have BigFix installed.

If you received an email from IT User Support about this issue, then your system has the potential to be affected. Even if your system appears to be working fine, there is a possibility that your system will fail to boot upon your next restart. 

Note that applying the Microsoft-recommended fix for this issue will require advanced Windows skills, and is best done by an IT professional. You can either apply one of the solutions listed below or contact the IT Help Desk by clicking here to email

While this issue should not cause any loss of data, IT User Support reminds all users that all computers should be backed up, and recommends Druva inSync for this purpose.


Scenario: Windows 10 devices that downloaded the October 10 KB4041676 or KB4041691 update with publishing issues and have NOT YET BEEN REBOOTED

 Fix: Reference “Scenario 2” solution on Microsoft’s Support site,


Scenario: Windows 10 devices that downloaded the October 10 KB4041676 or KB4041691 update with publishing issues and are unable to boot into Windows.

 Fix: Reference “Scenario 3” solution on Microsoft’s Support site,


This project was possible because IT identified affected systems with BigFix. To get BigFix for your computer, please visit

Why Chrome OS?

See how the IT User Support Department is trying to stretch dollars to support science, see our story at Chrome OS.

CCleaner Hacked


Some CCleaner installers were found to have third party malware embedded. Though CCleaner fixed their installers quickly, some of users downloaded and unknowingly installed malware. A project in IT User Support was initiated to identify these systems and notify users that their computers could be compromised. We requested removal of the software and a complete Sophos scan to be run to confirm removal of the infected software. We are continuing to monitor systems for potential threat using BigFix.


IT User Support advised staff to do the following:

  1. Uninstall CCleaner
  2. Run a Sophos scan. If you don’t have Sophos installed, please download for our software download page (

Related news

Please note as a part of this investigation, we discovered that the free version of CCleaner cannot legally be installed on Laboratory computers. The IT User Support will be issuing a BigFix offer to remove this software at user convenience. If you don't have BigFix installed on your system please see our IT Software Download Page at

This project was possible because IT identified affected systems with BigFix. To get BigFix for your computer, please visit


Choose a topic from the list on the left, or search for a topic.

For more general LBNL information, please use the Lab's Google Custom Search (GCS)  tool or refer to the A-Z index

If you need to contribute to the IT FAQ's and find you do not have permission, contact the Help Desk and ask that you be added to the Commons faq editors group