back to article Don't want Windows 10 FILTH on the company network? Step this way

Windows 10 is here. Now, while I have Windows Upgrade Fatigue and I'm in no rush to make the change, plenty of people out there received the upgrade when it arrived. There will certainly going to be a mighty spike in net traffic that day – not least because the upgrade from Windows 7 or Windows 8 is a free one. If you're a …

  1. Tim99 Silver badge
    Joke

    Ah, bless...

    You have just reinvented an idea that a centralized policy should direct exactly what each user can do, just like a mainframe or mini did 40 or 50 years ago.

    1. Anonymous Coward
      Pint

      Re: Ah, bless...

      Occupies lots of cabinets with racks that cover a floor of a building; serious issues with cooling; redundant power provision; and tended by a priestly caste of people. Sounds like a mainframe to me!

      1. Paul Woodhouse

        Re: Ah, bless...

        ahh... you've used an SBS server before then?...

  2. adnim

    Has anyone read

    and understood Microsoft's privacy policy?

    https://www.microsoft.com/en-us/privacystatement/default.aspx

    It will require jumping through hoops and installing a 3rd party software firewall (ingress/egress) to keep your data private.

    A default install will allow Microsoft to log all your keystrokes, read all you communications, log all websites you visit, scan all your files and record everything you say ... I am not sure yet if Cortana listens if it is not addressed. I would be interested in finding out if one disables all of the operating systems snooping ability, what still gets sent to Microsoft.

    1. Destroy All Monsters Silver badge
      Holmes

      Re: Has anyone read

      This is boilerplate lawyerse in case they WANT to do something later or something HAPPENS or someone objects to his DATA travelling out into the Internets and get no-win-no-fee attorneys on the case.

      How far are they really going RIGHT NOW?

    2. David T-Rex

      Re: Has anyone read

      Have you ever used any google service... EVER?

      1. sabroni Silver badge

        you don't have to use google services

        Google analytics is pretty much everywhere.

      2. adnim

        @David Re: Has anyone read

        Have I used Google services?

        Most of Google is blocked at the router.... googletagservices, google-analytics, doubleclick, googleadservices, googlesyndication, googletagservices. Unfortunately ajax.googleapis.com is allowed, it breaks to many websites if blocked.

        Other Google services such as gstatic and googlemaps are allowed on a per site basis. I sometimes search using Google. I did write a scraper similar to Scroogle for search but Google keep changing the tags around their search results and I got fed up of updating my code.

        I use a Gmail address for registering at websites, I last checked mail there over a month ago. I only allow Google to set session cookies. So I guess the answers is yes I do use Google. I don't think they use me much though.

        Citing the bad practice of one company as an argument for the bad practice of another seems illogical to me.

    3. dephormation.org.uk
      Boffin

      Re: Has anyone read

      I can't comprehend why any sane corporate IT user would install Windows 10.

      It opens your internal security and data for Microsoft to exploit at will.

      Never mind using it as a home computing platform.

      With Windows 10, the operating system is no longer the product... you are.

  3. Boris the Cockroach Silver badge
    Joke

    I think

    crucifying in the foyer the first person caught installing win10 would be of great benefit to any organisation.

    Plus it would be a great talking point

    "My word, the easter decorations are a bit severe this year dont you think?"

    PS I'm only joking............ or am I?

    1. Darryl

      Re: I think

      Head on a pike outside the IT department as a warning to others?

      1. Mark 85

        Re: I think

        But first, parade it around the office with much pomp, beating of drums, and sounding of trumpets. Be sure to include the lunchroom, customer areas, etc. as there are some folks who avoid going anywhere near the IT area. Examples must me made!!!!!!

      2. a_yank_lurker

        Re: I think

        How about a barbecue with all the trimmings? With Fred as the host/meal.

        1. Mark 85

          Re: I think

          Make soup instead so all can grok Fred.

      3. David 132 Silver badge
        Happy

        Re: I think

        String them up by their figgins.

        1. Anonymous Coward
          Anonymous Coward

          Re: I think

          The problem comes when a user finds a way to install W10. We stop him being able to do much so he complains to his senior manager who gives the spinless idiot of an IT director a kicking... and then we have to support it anyway.

  4. IJC
    Megaphone

    Stupid, Childish, Clickbait Headlines

    Enough already. Grow up.

    We know a lot of Reg journalists have an unreasoning hate on for Microsoft but at least give the impression of being objective.

    1. Destroy All Monsters Silver badge

      Re: Stupid, Childish, Clickbait Headlines

      They are not calling for ISIS-style Jihad, what more do you WANT?

    2. sabroni Silver badge

      Re: Stupid, Childish, Clickbait Headlines

      If you don't want stupid headlines you're on the wrong site.

      1. 1Rafayal

        Re: Stupid, Childish, Clickbait Headlines

        Regardless, it would nice of the reg to provide a bit more of a balanced perspective on Windows.

        Just for a bit

    3. This post has been deleted by its author

    4. nexsphil

      Re: Stupid, Childish, Clickbait Headlines

      I say we "grow up", and stop turning a blind eye to the tsunami of astroturfing MS drones by rangebanning the fucking lot of you.

  5. Sebby

    Windows Management 101

    Nice to have that confirmed.

    No. I will not purchase server licences just so I can manage clients or say which updates and where these updates come from. Far easier to just not use Windows, or run it disconnected or in a VM or remotely or keep some WSUSoffline DVD images around.

    Macs do allow you to update the OS, yeah. But the installers are delivered as apps, managed separately. You can't update the OS and end up with an entirely new one. There are Mac management issues for dealing with the stupid ads that pop up urging you to install, however. Hiding an update can be done by just option-clicking it.

    1. Anonymous Coward
      Anonymous Coward

      Re: Windows Management 101

      You're a fucking idiot. Trying to manage any sizable Windows estate without a proper AD setup is a non-starter; and if the business dictates that it has to be Windows (due to legacy applications, or whatever valid reason that you have no hope in fighting) then you don't have a choice. Enjoy playing around with your Macs while the rest of us get some real work done. That's all.

      1. Andrew Williams

        Real work?

        What, you mean playing Solitaire and Minesweeper 24/7?

        One imagines that you would have to spend some time in A&E if someone used Linux and Macs, with followups in a psych ward of course.

  6. Anonymous Coward
    Anonymous Coward

    Windows 10: man updates PC, wakes up to find porn slideshow on repeat

    Another unexpected feature of W10 update.

    http://www.independent.co.uk/life-style/gadgets-and-tech/news/windows-10-man-updates-pc-wakes-up-to-find-porn-slideshow-on-repeat-10430996.html

    1. This post has been deleted by its author

    2. Mark McNeill
      Paris Hilton

      Re: Windows 10: man updates PC, wakes up to find porn slideshow on repeat

      At least he'd put them on the computer himself. Xscreensaver on Linux/OSX may include Webcollage, which creates a screensaver from random images off the internet.

      Paris, because she'll turn up if you wait long enough.

      1. John Brown (no body) Silver badge

        Re: Windows 10: man updates PC, wakes up to find porn slideshow on repeat

        "Webcollage, which creates a screensaver from random images off the internet."

        I've never seen that turned on by default. You need to not only enable it but to go into it's settings to tell it what to do and it WARNS you that random images from the web may include "adult" images. On the other hand, there are slideshow screen savers which may be enabled and may be pre-configured to find image files in certain locations. But again, I've yet to see one of those set as the default screen saver or even for the Xscreensaver (or KDE/Gnome/et al) to be set to pick a random saver.

  7. captain veg Silver badge

    sacked

    "the user will rue their decision as they won't be able to access anything in order do their job"

    You will rue the day that your employer lost business because some "user" was prevented from doing her job by your deliberate action. The computers are there for the business, not your personal gratification.

    -A,

    1. Pascal Monett Silver badge

      Don't think so

      In a properly-run business, it is no business of a user to upgrade his PC.

      Despite all the BYOD malarky, users are not the owners of their work PC and thus do not have the authority to install whatever they want, much less update them.

      Of course, we're talking about companies that have the means to a professional IT department along with the procedures, applications and red tape that goes with it. In those environments, this whole article is a no-go because the network is locked down properly and Group Policies make tinkering all but impossible. SMBs are generally "every man for himself" anyways, but in that case you don't have an IT guy with the knowledge to keep users from buggering up their systems (and barely the time to correct the issues that do arise - if the technical competence is there).

    2. Destroy All Monsters Silver badge
      Paris Hilton

      Re: sacked

      You will rue the day that your employer lost business because some "user" was prevented from doing her job by your deliberate action. The computers are there for the business, not your personal gratification.

      Confused mind.

      Or a babyfaced MS grassrooter who has never had to solve problems created by "productivity tools".

    3. nematoad

      Re: sacked

      "You will rue the day that your employer lost business because some "user" was prevented from doing her job by your deliberate action."

      You might rue it a damn sight more if some numpty introduces something onto the system which then causes an security breach.

      In such as case as has been discussed the person doing unauthorised modifications to the company property has most likely broken terms of either their employment or the acceptable use policy. So any IT person defending the integrity of the company's data and systems is doing their job, the user is not by monkeying around with things that do not concern them, are not in their job specs or have the knowledge to do without great risk.

      Personally I got no satisfaction from keeping the users in line but did from knowing that I may have stopped some disaster happening.

      OK, maybe I did enjoy cracking the whip a little, but only if the user was really stroppy and determined that their way was best and damn company policy.

    4. This post has been deleted by its author

  8. bigphil9009

    Except of course...

    Domain joined machines don't actually get the "Download Windows Update" app(lication). Yeah, I know the other avenues mentioned in the article are still available, but the situation isn't as dire as immediately presented...

    http://winsupersite.com/windows-10/windows-10-upgrade-and-installation-faq-we-figured-out-who-pays-and-who-doesnt

    (I know it's not an MS site, but it's as good as)

    1. This post has been deleted by its author

  9. RIBrsiq

    Why, exactly, would users be able to run -- much less install -- anything, let alone a new edition of Windows, without administrative approval?

    Determined users with physical access to the machine can of course decide to wipe the machine or something drastic like that. But the network admin should notice a machine inexplicably dropping off of the network, no? Which should lead to disciplinary action, etc.

    I'm saying: if you're running a shop where you actually need to do anything at all to stop users installing Windows 10 then you a) certainly have much bigger problems than Windows 10 and b) have absolutely no business running a network in the first place, IMNSHO.

    1. Dan 55 Silver badge

      It seems that if you have OEM machines with OEM Windows then, yes, you will have to stamp on Windows 10 installs. MS weren't upfront about which update GWX was in so making blacklisting the update in WSUS difficult at the beginning. Laptops could download GWX at home. There are determined fanboys who download the ISO. Etc.

      1. Anonymous Coward
        Anonymous Coward

        OPEN licenses seem to have the same problem.

  10. oldtaku Silver badge

    The IT Union

    "If you're a corporate IT person, though, the last thing you need is for your users to be randomly upgrading their desktops and laptops. You presumably have Windows 7 or Windows 8 there for a reason – and that reason is because you have a set of standards that you know how to support and for which your service desk and PC support teams are trained."

    Ahahahahaha *sob* Excuse me gotta wipe a tear from my eye here. Corporate IT is still back on XP because they wanted to control everything with exactly these policies - so now they're so busy doing stupid unnecessary gruntwork that they have no time to upgrade the entire company - and they're terrified anyhow because the dirty secret is that IT knows barely more than the casual users and way less than anyone who actively manages their own PCs at home. So they enshrine it as some sort of sacred priesthood like this. We're back to mainframe days.

    1. Destroy All Monsters Silver badge

      Re: The IT Union

      You will stuff your smug smile up your arsehole once I go all device management on you, sunshine!

    2. Roland6 Silver badge

      Re: The IT Union

      "We're back to mainframe days."

      Nothing wrong about that, 80% of IT is probably pure utility, namely there to support core business processes that have changed very little in decades - Finance departments are still doing double entry bookkeeping...

    3. Just Enough

      Re: The IT Union

      Translated: "I know where the control panel is on my home PC, so I know enough about computers to enterprise manage."

  11. nilfs2
    Pirate

    Piracy no longer possible

    They will lose their biggest installed base, so market share will shrink. Looks like Microsoft will be the main sponsor of Linux on the desktop.

    1. RIBrsiq

      Re: Piracy no longer possible

      I don't know about that...

      I keep an eye on developments on that front and already there seem to be updated KMS emulators out; the same method used to circumvent Windows 8 activation.

      I have no idea if they work, but I haven't read anything suggesting that they wouldn't, either.

    2. CAPS LOCK

      "Microsoft will be the main sponsor of Linux on the desktop."

      'Twas ever thus.

      Posted from my Mint 17 XFCE.

    3. Just Enough

      Re: Piracy no longer possible

      A computer with a copy of pirated Windows does not count as part of Microsoft's "market share" on account of it not being purchased on the market.

  12. Stephen Booth

    What version are you runnign anyway

    Win7 professional does not get the update anyway. If you actually gave your users a proper

    business grade OS in the first place your users would not be tempted.

    1. Destroy All Monsters Silver badge
      Thumb Down

      Re: What version are you runnign anyway

      Evidence says you are making shit up.

      1. RIBrsiq

        Re: What version are you runnign anyway

        I suspect he meant Enterprise and mixed his editions up.

        1. Anonymous Coward
          Anonymous Coward

          Re: What version are you runnign anyway

          I don't have pockets deep enough to install windows server on every fracking desktop.

  13. Anonymous Coward
    Anonymous Coward

    Silly admins. Power users don't bother joining domains

    why on earth would I want to let the backwards, process driven clods in IT tell me what I can run, or have any access to my system for that matter? First thing I do when I get a new laptop is blow away the preload, install the latest and greatest OS and apps, set things up exactly as I want...then grab the certificates from a domain joined VM or system, and setup passthrough authentication to work resources I need. Works like a charm at every company I've ever worked at, including Microsoft themselves, and never been a problem. Heck, if I didn't do that, I would have still been stuck running that backlevel Win7 enterprise crap for years.

    1. RIBrsiq

      Re: Silly admins. Power users don't bother joining domains

      *Please* try that on my network...

    2. Robert Helpmann??
      Childcatcher

      Re: Silly admins. Power users don't bother joining domains

      why on earth would I want to let the backwards, process driven clods in IT tell me what I can run, or have any access to my system for that matter?

      Depending on where you work, the answer might simply be "Because it's not your machine and violation of the acceptable use policy will have you run out the door." In your mind you might be the greatest sysadmin ever, but if you work in a corporate environment you share the risk of any problem you introduce with everyone around you and vice versa. Assuming you in fact are as great as your ego would have us believe, it is unlikely that all of your coworkers are of similar stature, but those "process driven clods in IT" would be forced to let even the janitors to do whatever they wanted in as much as you are allowed. That is typically the way corporate policy works, after all.

      As far as you personally are concerned, are you maintaining your machine and software on your own time or are you charging your employers for for it when you are supposed to be doing something else while they are paying an IT group to handle system administration? Sounds like the wild west to me, partner. Yipee-yo-ki-yay... you can fill in the rest.

      1. Anonymous Coward
        Anonymous Coward

        Re: Silly admins. Power users don't bother joining domains

        Most tech companies, including Microsoft themselves aren't quite that strict. At worst, you might get told off for running a non-standard desktop or laptop, as long as nothing happens. If, of course, I were to somehow screw up and actually get an infection that brought down the corporate network or compromised security, then I'd deserve everything coming to me. The fact is that I can make my system far more secure than corporate IT can. Unlike them, I use the latest OS, I keep it fully patched, and I use a better, more up to date AV solution. I also run VMWare workstation and keep a VM sandboxed for anything risky. In short yes,I know what I'm doing. Corporate IT is for Joe in accounting, or Sally in marketing, who need someone to "manage" their systems. I don't, thanks.

        And for those who said "not on my network", I have yet to find anyone actually running NPS, which is pretty much the ONLY way to block a non-standard user. Then of course, I'd just have to throw my corporate image into a VM.

        1. The Quiet One

          Re: Silly admins. Power users don't bother joining domains

          You, Sir, are a wanker!

        2. lucki bstard

          Re: Silly admins. Power users don't bother joining domains

          Great its people like yourself who ensure I have a job. So keep on playing, its all billable hours to me to fix your issues.

    3. Anonymous Coward
      Anonymous Coward

      Re: Silly admins. Power users don't bother joining domains

      >Works like a charm at every company I've ever worked at

      Obviously never worked at a major UK government department - we detect and kill machines such as yours then revoke your security clearance...

      1. John Tserkezis

        Re: Silly admins. Power users don't bother joining domains

        "Obviously never worked at a major UK government department - we detect and kill machines such as yours then revoke your security clearance..."

        The UK government cares about security? Really? Are you sure?

        1. Anonymous Coward
          Anonymous Coward

          Re: Silly admins. Power users don't bother joining domains

          The UK government cares about security? Really? Are you sure?

          Only when the shapely rear part of a horse comes into view.

        2. SolidSquid

          Re: Silly admins. Power users don't bother joining domains

          They care if you're *caught* as that could lead to a scandal and damage re-election prospects

    4. Hollerith 1

      Re: Silly admins. Power users don't bother joining domains

      Wow. I've worked alongside you, I believe, or another of your clones. And you are just the same in projects as you are with your kit: assuming you know better, doing your own thing, sneering at the rest of the team... and when you leave, we clean up after you and hoist a pint in celebration of your departure.

    5. Anonymous Coward
      Anonymous Coward

      Re: Silly admins. Power users don't bother joining domains

      This.is.so.true. It happens all the time even in larger companies. But to see that much rated thumb down, I might as well rage here.

      Dear all mofo IT that ****ing does this

      If you one of those that

      preload ****ing useless program in the ****ing company's OS,

      ****ing leaves auto update for company's software,

      not ****ing renew ****ing antivirus,

      not ****ing install ****ing antivirus updates,

      not ****ing fix ****ing Microsoft Office when I ****ing called you,

      ****ing not fix ****ing printer driver,

      ****ing slow at ****ing fixing printer driver,

      not ****ing install new company's software and instead delay for a week,

      you don't deserve my respect in joining the domain your way. Specially when you eat all the team's productivity. Not to mention, I can deal with it without being in the domains. When Director requests printouts in color, and there is no color printer driver installed... no I'm not calling you to do it. I'll do it myself. I'll install and test company's software without calling you. I'll deal with anything that admin didn't bother caring to get the team's work done 'on time'.

      This time it is "****ing Admin. Power users don't bother joining domains" for good reasons.

      P.S. I don't even work in the IT field.

  14. VeganVegan
    Alert

    Simples.

    Ban all windows os.

    Mission accomplished.

    (Joke icon, because it is next to the troll icon).

  15. Anonymous Coward
    Anonymous Coward

    slower and sloweeerrrrr

    All this amazing tech you have for stopping this and that and blocking t'other... it's great other than it does a great job of slowing down the whole creative process that I'm paid to do. Work i7 machine is slower at building projects than linux on a vm slice on my home laptop.

    Looks like we might end up doing dev in the cloud - so we can avoid all this security and getting things running pretty light/fast again.

    1. Destroy All Monsters Silver badge
      Devil

      Re: slower and sloweeerrrrr

      I think we here have us one of the "creative persons" responsible for the "designer websites" and "well-written code" inflicted on us honest citizens.

      Might be a witch, too.

      I do think this should be spanish-inquisitioned ....

  16. Andrew Williams

    One wonders about the bedlam that would ensue

    If the plank that wrote this piece woke up tomorrow to discover he needed W10 to run his AD.

    Actually, waking up is probably needed, as he/she/other seems to be living in a dream world.

    1. Anonymous Coward
      Anonymous Coward

      Re: One wonders about the bedlam that would ensue

      Anyone who "needs W10 to run his AD" should be terminally visited by the horse doctor.

  17. Anonymous Coward
    Anonymous Coward

    Give and take

    We were bought by an American company and as part of the IT rules everything had to run the prescribed antivirus solution or it could not be connected to the corporate network. We develop Linux based real-time stuff which could not have the AV installed so we hit a bit of problem, I split the network up, we run training courses with visitors, I split the network some more and kept firewalling the MS network from most things we need to be productive.

    I try to work with users but I dislike the guy (so far only males) who thinks his PC/Laptop is his property and he knows best, as he rarely reviews that or takes anyones opinion, guranteed he wants to take the license-questionable route because he "does at home OK". I know genuine users often just want to get on, but help the system don't just ignore it or it won't evolve.

    But then -

    Right now we have guidance from corp on what cloud services we can use, "a single file share vendor", now that is more of a problem as "use" entails use on corporate PC's and "one file share" is quite restrictive. I hear on the grapevine at corp hq they send dodgy emails and use IM, it says in the written policy we can't, so do I risk breaking rules not observed elsewhere to help staff get on?

    IMHO half the problem is US litigation culture, nobody wants to be on record opening the door to any risk so getting anything approved is near impossible, "getting round the system" becomes the norm and it leaves the auditors raking in the bucks while giving zero...(concern on useability).

  18. Frank N. Stein

    The laptop user who's overinflated ego makes him think he knows best is the first user to call the Tech Support line when something he did to his laptop causes it to get disconnected from the domain and wants it fixed now. They usually try to avoid telling us what they did to cause the problem but in order to fix it, we need to know. In every case, it was a violation of the computer use policy. First time is a written warning. Second time is dismissal. No exceptions. You sign the corporate policy as part of being hired. Everyone from the lowest end employee to Corporate Director's signs that policy and no one gets around it. I've seen many a Manager and Assistant Director let go on violation of corporate policy. The company owns the equipment that they issue to the user, not the user, and the corporation defines what you get to do with that equipment. You signed the policy, so you knew going in that violating it had consequences. That's just the nature of the corporate beast. Doesn't matter if you like the policy or not. It has and always will be enforced.

  19. Medixstiff

    I started reading this article..

    And my first thought was, does this idiot give his staff Admin rights to their PC? Because that's the first mistake anyone can make, you just open yourself to all sorts of support nightmares there.

    1. Roland6 Silver badge

      Re: I started reading this article..

      >And my first thought was, does this idiot give his staff Admin rights to their PC?

      Does GWX require the user to have admin rights to do it's stuff?

      I suspect that one additional key policy change is to disable "all users can install Windows updates".

      However, be prepared for users to complain when 'Windows' forces an update when they are doing something important.

      As I've noted elsewhere Windows, including 10 does not include functionality to fully preserve a user's state, install updates and restore state. [Aside: Yes I know other OS's don't do this, but my point isn't to promote the competition, but to note that Windows (and other end user OS's) could be much, much better if MS could be bothered to focus on real issues rather than fiddling with pixels and bling.]

  20. Yer Mother You Will

    Monkeys

    Re Microsoft: If you pay a good rate you get the best mate.

    Pay peanuts, then you get monkeys.

  21. zen1

    Stupid Microsoft... They're why we can't have anything nice! Altho the porn slide show was pretty damn funny

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like