Ah, bless...
You have just reinvented an idea that a centralized policy should direct exactly what each user can do, just like a mainframe or mini did 40 or 50 years ago.
Windows 10 is here. Now, while I have Windows Upgrade Fatigue and I'm in no rush to make the change, plenty of people out there received the upgrade when it arrived. There will certainly going to be a mighty spike in net traffic that day – not least because the upgrade from Windows 7 or Windows 8 is a free one. If you're a …
and understood Microsoft's privacy policy?
https://www.microsoft.com/en-us/privacystatement/default.aspx
It will require jumping through hoops and installing a 3rd party software firewall (ingress/egress) to keep your data private.
A default install will allow Microsoft to log all your keystrokes, read all you communications, log all websites you visit, scan all your files and record everything you say ... I am not sure yet if Cortana listens if it is not addressed. I would be interested in finding out if one disables all of the operating systems snooping ability, what still gets sent to Microsoft.
Have I used Google services?
Most of Google is blocked at the router.... googletagservices, google-analytics, doubleclick, googleadservices, googlesyndication, googletagservices. Unfortunately ajax.googleapis.com is allowed, it breaks to many websites if blocked.
Other Google services such as gstatic and googlemaps are allowed on a per site basis. I sometimes search using Google. I did write a scraper similar to Scroogle for search but Google keep changing the tags around their search results and I got fed up of updating my code.
I use a Gmail address for registering at websites, I last checked mail there over a month ago. I only allow Google to set session cookies. So I guess the answers is yes I do use Google. I don't think they use me much though.
Citing the bad practice of one company as an argument for the bad practice of another seems illogical to me.
I can't comprehend why any sane corporate IT user would install Windows 10.
It opens your internal security and data for Microsoft to exploit at will.
Never mind using it as a home computing platform.
With Windows 10, the operating system is no longer the product... you are.
This post has been deleted by its author
Nice to have that confirmed.
No. I will not purchase server licences just so I can manage clients or say which updates and where these updates come from. Far easier to just not use Windows, or run it disconnected or in a VM or remotely or keep some WSUSoffline DVD images around.
Macs do allow you to update the OS, yeah. But the installers are delivered as apps, managed separately. You can't update the OS and end up with an entirely new one. There are Mac management issues for dealing with the stupid ads that pop up urging you to install, however. Hiding an update can be done by just option-clicking it.
You're a fucking idiot. Trying to manage any sizable Windows estate without a proper AD setup is a non-starter; and if the business dictates that it has to be Windows (due to legacy applications, or whatever valid reason that you have no hope in fighting) then you don't have a choice. Enjoy playing around with your Macs while the rest of us get some real work done. That's all.
This post has been deleted by its author
At least he'd put them on the computer himself. Xscreensaver on Linux/OSX may include Webcollage, which creates a screensaver from random images off the internet.
Paris, because she'll turn up if you wait long enough.
"Webcollage, which creates a screensaver from random images off the internet."
I've never seen that turned on by default. You need to not only enable it but to go into it's settings to tell it what to do and it WARNS you that random images from the web may include "adult" images. On the other hand, there are slideshow screen savers which may be enabled and may be pre-configured to find image files in certain locations. But again, I've yet to see one of those set as the default screen saver or even for the Xscreensaver (or KDE/Gnome/et al) to be set to pick a random saver.
"the user will rue their decision as they won't be able to access anything in order do their job"
You will rue the day that your employer lost business because some "user" was prevented from doing her job by your deliberate action. The computers are there for the business, not your personal gratification.
-A,
In a properly-run business, it is no business of a user to upgrade his PC.
Despite all the BYOD malarky, users are not the owners of their work PC and thus do not have the authority to install whatever they want, much less update them.
Of course, we're talking about companies that have the means to a professional IT department along with the procedures, applications and red tape that goes with it. In those environments, this whole article is a no-go because the network is locked down properly and Group Policies make tinkering all but impossible. SMBs are generally "every man for himself" anyways, but in that case you don't have an IT guy with the knowledge to keep users from buggering up their systems (and barely the time to correct the issues that do arise - if the technical competence is there).
You will rue the day that your employer lost business because some "user" was prevented from doing her job by your deliberate action. The computers are there for the business, not your personal gratification.
Confused mind.
Or a babyfaced MS grassrooter who has never had to solve problems created by "productivity tools".
"You will rue the day that your employer lost business because some "user" was prevented from doing her job by your deliberate action."
You might rue it a damn sight more if some numpty introduces something onto the system which then causes an security breach.
In such as case as has been discussed the person doing unauthorised modifications to the company property has most likely broken terms of either their employment or the acceptable use policy. So any IT person defending the integrity of the company's data and systems is doing their job, the user is not by monkeying around with things that do not concern them, are not in their job specs or have the knowledge to do without great risk.
Personally I got no satisfaction from keeping the users in line but did from knowing that I may have stopped some disaster happening.
OK, maybe I did enjoy cracking the whip a little, but only if the user was really stroppy and determined that their way was best and damn company policy.
This post has been deleted by its author
Domain joined machines don't actually get the "Download Windows Update" app(lication). Yeah, I know the other avenues mentioned in the article are still available, but the situation isn't as dire as immediately presented...
http://winsupersite.com/windows-10/windows-10-upgrade-and-installation-faq-we-figured-out-who-pays-and-who-doesnt
(I know it's not an MS site, but it's as good as)
This post has been deleted by its author
Why, exactly, would users be able to run -- much less install -- anything, let alone a new edition of Windows, without administrative approval?
Determined users with physical access to the machine can of course decide to wipe the machine or something drastic like that. But the network admin should notice a machine inexplicably dropping off of the network, no? Which should lead to disciplinary action, etc.
I'm saying: if you're running a shop where you actually need to do anything at all to stop users installing Windows 10 then you a) certainly have much bigger problems than Windows 10 and b) have absolutely no business running a network in the first place, IMNSHO.
It seems that if you have OEM machines with OEM Windows then, yes, you will have to stamp on Windows 10 installs. MS weren't upfront about which update GWX was in so making blacklisting the update in WSUS difficult at the beginning. Laptops could download GWX at home. There are determined fanboys who download the ISO. Etc.
"If you're a corporate IT person, though, the last thing you need is for your users to be randomly upgrading their desktops and laptops. You presumably have Windows 7 or Windows 8 there for a reason – and that reason is because you have a set of standards that you know how to support and for which your service desk and PC support teams are trained."
Ahahahahaha *sob* Excuse me gotta wipe a tear from my eye here. Corporate IT is still back on XP because they wanted to control everything with exactly these policies - so now they're so busy doing stupid unnecessary gruntwork that they have no time to upgrade the entire company - and they're terrified anyhow because the dirty secret is that IT knows barely more than the casual users and way less than anyone who actively manages their own PCs at home. So they enshrine it as some sort of sacred priesthood like this. We're back to mainframe days.
I don't know about that...
I keep an eye on developments on that front and already there seem to be updated KMS emulators out; the same method used to circumvent Windows 8 activation.
I have no idea if they work, but I haven't read anything suggesting that they wouldn't, either.
why on earth would I want to let the backwards, process driven clods in IT tell me what I can run, or have any access to my system for that matter? First thing I do when I get a new laptop is blow away the preload, install the latest and greatest OS and apps, set things up exactly as I want...then grab the certificates from a domain joined VM or system, and setup passthrough authentication to work resources I need. Works like a charm at every company I've ever worked at, including Microsoft themselves, and never been a problem. Heck, if I didn't do that, I would have still been stuck running that backlevel Win7 enterprise crap for years.
why on earth would I want to let the backwards, process driven clods in IT tell me what I can run, or have any access to my system for that matter?
Depending on where you work, the answer might simply be "Because it's not your machine and violation of the acceptable use policy will have you run out the door." In your mind you might be the greatest sysadmin ever, but if you work in a corporate environment you share the risk of any problem you introduce with everyone around you and vice versa. Assuming you in fact are as great as your ego would have us believe, it is unlikely that all of your coworkers are of similar stature, but those "process driven clods in IT" would be forced to let even the janitors to do whatever they wanted in as much as you are allowed. That is typically the way corporate policy works, after all.
As far as you personally are concerned, are you maintaining your machine and software on your own time or are you charging your employers for for it when you are supposed to be doing something else while they are paying an IT group to handle system administration? Sounds like the wild west to me, partner. Yipee-yo-ki-yay... you can fill in the rest.
Most tech companies, including Microsoft themselves aren't quite that strict. At worst, you might get told off for running a non-standard desktop or laptop, as long as nothing happens. If, of course, I were to somehow screw up and actually get an infection that brought down the corporate network or compromised security, then I'd deserve everything coming to me. The fact is that I can make my system far more secure than corporate IT can. Unlike them, I use the latest OS, I keep it fully patched, and I use a better, more up to date AV solution. I also run VMWare workstation and keep a VM sandboxed for anything risky. In short yes,I know what I'm doing. Corporate IT is for Joe in accounting, or Sally in marketing, who need someone to "manage" their systems. I don't, thanks.
And for those who said "not on my network", I have yet to find anyone actually running NPS, which is pretty much the ONLY way to block a non-standard user. Then of course, I'd just have to throw my corporate image into a VM.
Wow. I've worked alongside you, I believe, or another of your clones. And you are just the same in projects as you are with your kit: assuming you know better, doing your own thing, sneering at the rest of the team... and when you leave, we clean up after you and hoist a pint in celebration of your departure.
This.is.so.true. It happens all the time even in larger companies. But to see that much rated thumb down, I might as well rage here.
Dear all mofo IT that ****ing does this
If you one of those that
preload ****ing useless program in the ****ing company's OS,
****ing leaves auto update for company's software,
not ****ing renew ****ing antivirus,
not ****ing install ****ing antivirus updates,
not ****ing fix ****ing Microsoft Office when I ****ing called you,
****ing not fix ****ing printer driver,
****ing slow at ****ing fixing printer driver,
not ****ing install new company's software and instead delay for a week,
you don't deserve my respect in joining the domain your way. Specially when you eat all the team's productivity. Not to mention, I can deal with it without being in the domains. When Director requests printouts in color, and there is no color printer driver installed... no I'm not calling you to do it. I'll do it myself. I'll install and test company's software without calling you. I'll deal with anything that admin didn't bother caring to get the team's work done 'on time'.
This time it is "****ing Admin. Power users don't bother joining domains" for good reasons.
P.S. I don't even work in the IT field.
All this amazing tech you have for stopping this and that and blocking t'other... it's great other than it does a great job of slowing down the whole creative process that I'm paid to do. Work i7 machine is slower at building projects than linux on a vm slice on my home laptop.
Looks like we might end up doing dev in the cloud - so we can avoid all this security and getting things running pretty light/fast again.
We were bought by an American company and as part of the IT rules everything had to run the prescribed antivirus solution or it could not be connected to the corporate network. We develop Linux based real-time stuff which could not have the AV installed so we hit a bit of problem, I split the network up, we run training courses with visitors, I split the network some more and kept firewalling the MS network from most things we need to be productive.
I try to work with users but I dislike the guy (so far only males) who thinks his PC/Laptop is his property and he knows best, as he rarely reviews that or takes anyones opinion, guranteed he wants to take the license-questionable route because he "does at home OK". I know genuine users often just want to get on, but help the system don't just ignore it or it won't evolve.
But then -
Right now we have guidance from corp on what cloud services we can use, "a single file share vendor", now that is more of a problem as "use" entails use on corporate PC's and "one file share" is quite restrictive. I hear on the grapevine at corp hq they send dodgy emails and use IM, it says in the written policy we can't, so do I risk breaking rules not observed elsewhere to help staff get on?
IMHO half the problem is US litigation culture, nobody wants to be on record opening the door to any risk so getting anything approved is near impossible, "getting round the system" becomes the norm and it leaves the auditors raking in the bucks while giving zero...(concern on useability).
The laptop user who's overinflated ego makes him think he knows best is the first user to call the Tech Support line when something he did to his laptop causes it to get disconnected from the domain and wants it fixed now. They usually try to avoid telling us what they did to cause the problem but in order to fix it, we need to know. In every case, it was a violation of the computer use policy. First time is a written warning. Second time is dismissal. No exceptions. You sign the corporate policy as part of being hired. Everyone from the lowest end employee to Corporate Director's signs that policy and no one gets around it. I've seen many a Manager and Assistant Director let go on violation of corporate policy. The company owns the equipment that they issue to the user, not the user, and the corporation defines what you get to do with that equipment. You signed the policy, so you knew going in that violating it had consequences. That's just the nature of the corporate beast. Doesn't matter if you like the policy or not. It has and always will be enforced.
>And my first thought was, does this idiot give his staff Admin rights to their PC?
Does GWX require the user to have admin rights to do it's stuff?
I suspect that one additional key policy change is to disable "all users can install Windows updates".
However, be prepared for users to complain when 'Windows' forces an update when they are doing something important.
As I've noted elsewhere Windows, including 10 does not include functionality to fully preserve a user's state, install updates and restore state. [Aside: Yes I know other OS's don't do this, but my point isn't to promote the competition, but to note that Windows (and other end user OS's) could be much, much better if MS could be bothered to focus on real issues rather than fiddling with pixels and bling.]