Microsoft says its best not to fiddle with its Windows 10 group policies (that don't work)(go Linux) - Sensationalist Headlines

[QUOTE]MICROSOFT HAS RESPONDED to claims that its Windows 10 Enterprise operating system ignores user preferences in Group Policy with the advice that, basically, it does and you shouldn't meddle with it. On Monday, we revealed that a security researcher had used a packet sniffer to show that many settings designed to prevent access to the internet were being ignored with connections to a range of third-party servers including advertising hubs. ... The security researcher, Mark Burnett (@m8urnett), went on to show that with teredo IPv6 disabled, the system still checks for IPv6 connectivity. SmartScreen is disabled but it still connects. Telemetry is disabled. Still connects. Error reporting disabled. Still connects. Sync-related services all disabled at a group level. Still connects. I mean we could go on. Yes? OK then. Online KMS validation disabled, still connects. All connections except Updates to Microsoft blocked. Still connects to a range of ad servers. Yes advertising servers. Burnett confirms that all these calls are made by Windows 10, not by any apps. "So it seems" he goes on "like Microsoft doesn't even honour it's own Group Policy settings" warning "but the big problem here is that people will use third-party apps to block all this and inadvertently block security-related stuff." As if for an encore, Burnett deleted the new Paint 3D, a system app, which he is entirely entitled to do. He found the system restored it and added a firewall rule allowing it network access. Yes. Not even Paint is safe. Microsoft responded late Monday night with a statement explaining: "Enterprise users are able to configure the necessary settings to achieve zero emissions and we provide guidance and actual script to configure their systems. We don't recommend turning off the settings as it disrupts user experiences and security. "We give our customers a number of choices to help manage telemetry settings for an enterprise environment and how to confirm these settings." As ever, because we have no direct conversation with Microsoft (they always respond when we've gone home) we haven't been able to pick them up on the point that this is the bit that isn't working and causing security concerns. The fact that this is happening on Windows 10 Enterprise is of particular concern. [/QUOTE] [URL="https://www.theinquirer.net/inquirer/news/3010547/microsoft-says-its-best-not-to-fiddle-with-windows-10-enterprise-group-policies"]Source[/URL] So now its bundling telemetry with security patches, ignoring and reverting your group policy settings, and fucking with you just to force collected telemetry and advertising even if you shell out for enterprise. Imagine trying to manage a network of these machines at a business or school with them randomly trying to use connections you'd blocked or dealing with security audits. There is actually a version of w10 that doesnt do it, but it's exclusive to the chinese government. People will defend this regardless, even though the "but its better to force everyone to get security updates" stops being valid once people are forced to go with third party shit just to control thier computer, and inevitably block some of the important stuff.

[QUOTE]There is actually a version of w10 that doesnt do it, but it's the chinese government's version.[/QUOTE] There's a certain sense of irony that one of the most restrictive governments in the world have the least restrictive version of windows. :v:

On Windows 10 [B]Enterprise[/B]??? What the fuck kind of drugs are you on Microsoft? This kind of shit on the other versions of Windows 10 was already bad enough.

[QUOTE=BlackMageMari;52292541]There's a certain sense of irony that one of the most restrictive governments in the world have the least restrictive version of windows. :v:[/QUOTE] Even North Korea uses [URL="https://en.wikipedia.org/wiki/Red_Star_OS"]Linux[/URL] :v:

I understand that they want to avoid another windows xp situation, but they are really going overboard with these things on windows 10. Its otherwise a good OS, I really don't get why Microsoft continues to hurt its reputation like this.

[QUOTE=da space core;52292615]I understand that they want to avoid another windows xp situation, but they are really going overboard with these things on windows 10. Its otherwise a good OS, I really don't get why Microsoft continues to hurt its reputation like this.[/QUOTE] The only thing that had anything to do with "avoiding an xp situation" was the forced w7/win8 to win10 updates. The telemetry, the lockdown of admin controls, removal of group policy editor and mandatory updates on non-enterprise versions plus the group policy editor that doesnt even work on entireprise has fuck all to do with avoiding a windows xp situation and i wish people would stop using it as an excuse for their behavior. It's penny pinching greed, your telemetry is worth those pennies to them in bulk even if your privacy and control would be worth a lot more to you.

[QUOTE=Mattk50;52292639]The only thing that had anything to do with "avoiding an xp situation" was the forced w7/win8 to win10 updates. The telemetry, the lockdown of admin controls, removal of group policy editor and mandatory updates on non-enterprise versions plus the group policy editor that doesnt even work on entireprise has fuck all to do with avoiding a windows xp situation and i wish people would stop using it as an excuse for their behavior. It's penny pinching greed, your telemetry is worth those pennies to them in bulk even if your privacy and control would be worth a lot more to you.[/QUOTE] I believe they blocked the group policy because people were using it to avoid updates. As far as telemetry goes, I believe the fears around it are a bit exaggerated, but there still should be a no-nonsense way of out right disabling it

[QUOTE=da space core;52292656]I believe they blocked the group policy because people were using it to avoid updates. As far as telemetry goes, I believe the fears around it are a bit exaggerated, but there still should be a no-nonsense way of out right disabling it[/QUOTE] Isn't there a cmd command someone made as a .bat file to disable that, or is it bypassed now with the updates?

And with Microsoft also pushing the Windows Store more and more, thus pissing of Valve, this finally has to be the year of the Linux desktop! :xfiles:

[QUOTE=da space core;52292656]I believe they blocked the group policy because people were using it to avoid updates. As far as telemetry goes, I believe the fears around it are a bit exaggerated, but there still should be a no-nonsense way of out right disabling it[/QUOTE] They blocked it in the Home edition, but the Pro edition has group policy enabled. The settings for "disabling" it are there, but the furthest you can do is have it notify you that updates exist. The article is a bit misleading because the researcher in question started off with this finding, but realised he did a couple things wrong due to how convoluted the group policy editor is. Some of the options in the group policy settings were in multiple places, so if you shut off one but not one of the others, it'll still work so it appeared to be ignoring the settings. He then found out that if you managed to shut off all these silly telemetry options to get as low of a footprint as possible, half of the OS just shits itself. Here's a link to the original post by the researcher: [url]https://xato.net/windows-spying-and-a-twitter-rant-19203babb2e7[/url]

[QUOTE=nutcake;52292668]And with Microsoft also pushing the Windows Store more and more, thus pissing of Valve, this finally has to be the year of the Linux desktop! :xfiles:[/QUOTE] This is how Bernie can still win!

Why does an enterprise edition even have ads?

[QUOTE=da space core;52292615]I understand that they want to avoid another windows xp situation, but they are really going overboard with these things on windows 10. Its otherwise a good OS, I really don't get why Microsoft continues to hurt its reputation like this.[/QUOTE] If their goal is to avoid another XP situation they should stop giving people reason to not want anything to do with W10. 75% of why I refuse to use 10 is because of how fucking aggressive they are being with ripping control of my computer out of my hands. It pisses me off that I need a third party addon to get a useable UI on W10, but I could deal with that if that was the only major issue with it. Annoying, but work-around-able. This shit? Fuck you, Microsoft, you don't own my computer and you don't have any right forcing it to do things I tell it not to do. To microsoft: Happily, you idiots can't un-block the ports it needs to phone home if I block them in my router instead. Eat a dick you fucking cunts.

[QUOTE=da space core;52292656]I believe they blocked the group policy because people were using it to avoid updates.[/QUOTE] I always see this brought up but I dont know how it's relevant.

[QUOTE=da space core;52292656]I believe they blocked the group policy because people were using it to avoid updates.[/QUOTE] There's no real reason for the home basic user to be tampering with LGP and they can't join domains so it's not too bad that they disabled it there. Regardless, this is where I draw the line. There's no point in Domain Group Policy if Microsoft can revert settings with updates. That's extremely hazardous for business networks and will drive the enterprise market away from Windows.

[QUOTE=TestECull;52292841]If their goal is to avoid another XP situation they should stop giving people reason to not want anything to do with W10. 75% of why I refuse to use 10 is because of how fucking aggressive they are being with ripping control of my computer out of my hands. It pisses me off that I need a third party addon to get a useable UI on W10, but I could deal with that if that was the only major issue with it. Annoying, but work-around-able. This shit? Fuck you, Microsoft, you don't own my computer and you don't have any right forcing it to do things I tell it not to do. To microsoft: Happily, you idiots can't un-block the ports it needs to phone home if I block them in my router instead. Eat a dick you fucking cunts.[/QUOTE] If you want control of your computer that much then why are you using any flavour of Windows at all in the first place? Arch/Gentoo/Fedora will all give you way more control over your computer than Windows 7 will.

[QUOTE=Chubbs;52292899]If you want control of your computer that much then why are you using any flavour of Windows at all in the first place? [/quote] Because I also fucking love playing Fallout: New Vegas, and good fucking luck getting that running on anything that isn't Windows.

[QUOTE=Chubbs;52292899]If you want control of your computer that much then why are you using any flavour of Windows at all in the first place? Arch/Gentoo/Fedora will all give you way more control over your computer than Windows 7 will.[/QUOTE] Windows is mostly necessary for anyone who does more than surf the web. Many professional programs have no cross-compatibility. Not to mention games, and I don't consider the buggy hell that is WINE a solution to that. Oh and Microsoft Office. There are apparently mission-critical formulas in MS Office that no other suite has. And due to how fractured and user-unfriendly Linux is and how there is little to no direction from the community from what I can tell, Linux will NEVER be widespread, and it will certainly not overtake OSX or Windows in market share.

[QUOTE=Chubbs;52292899]If you want control of your computer that much then why are you using any flavour of Windows at all in the first place? Arch/Gentoo/Fedora will all give you way more control over your computer than Windows 7 will.[/QUOTE] Not the point. The point is the most mainstream operating system on the planet has removed a sysadmin's ability to police his own system and by extension, removed that right from every user that isn't in china.

[QUOTE=nagachief;52292919]And due to how fractured and user-unfriendly Linux is and how there is little to no direction from the community from what I can tell, Linux will NEVER be widespread, and it will certainly not overtake OSX or Windows in market share.[/QUOTE] It already has with the mobile market [IMG]http://static1.businessinsider.com/image/537b72f169bedd1e04384fab-1200-924/smartphoneosmarketshare.png[/IMG] It will at some point for the PC market as well, it's just a matter of time

[QUOTE=Michael haxz;52292955]It already has with the mobile market [GRAPH GOES HERE] It will at some point for the PC market as well, it's just a matter of time[/QUOTE] I think most people don't realize Android is Linux. I really don't consider stock Android Linux. It's more like a VM that runs on top of Linux. It's not really a matter of time. The reason Android is a thing is because at it's birth it was heavily unified by Google, pushed by Google, controlled by Google, and updated by Google. Linux for PC is innumerable distros, all of them use different, incompatible package installers (from my experience, they probably are, but requires a high level user to make work), differing Linux versions, and little to no hardware support. You kind of have to be crazy to think it's a matter of time. Unless the 'matter of time' is 20+ years from now.

[QUOTE=da space core;52292615]I understand that they want to avoid another windows xp situation, but they are really going overboard with these things on windows 10. Its otherwise a good OS, I really don't get why Microsoft continues to hurt its reputation like this.[/QUOTE] do you know how they fixed all those issues with win8 that people had? they collected data about how people used windows 8 and then made informed decisions. you can't improve UI if you don't know how people use your UI (ie: the old start menu) you can't improve performance if you don't know what's causing slowdowns you can't fix issues with apps/old programs if bug reports are not collected you can't improve battery-life if you don't know what's using CPU both android, osx, and iOS do the same thing and have no way of disabling it. chrome and safari also collect data. also, the title of this article isn't even correct: MS doesn't clam that the settings are ignored. also, are we accepting theinquirer as a news-worthy source now?

companies and businesses at large are often stuck on running on XP or even older because their software is so out of date, despite things like the recent ransomware attacks demonstrating why you should be using newer, and more secure operating systems. If it is so hard moving people to a new version of windows, what do you think the odds are that they will move to linux, and thus will have to recode all their applications from scratch? In my opinion, the best solution would be for microsoft to stop mucking about and hijacking these user group settings. Let companies set the things as they wish, and if, as a result, they use it to avoid updating and then suffer from malware or hacking attacks, [I]that would be the companies own fault and not of microsoft.[/I]

[QUOTE=TestECull;52292911]Because I also fucking love playing Fallout: New Vegas, and good fucking luck getting that running on anything that isn't Windows.[/QUOTE] [url=https://appdb.winehq.org/objectManager.php?sClass=version&iId=21692]WineHQ - Fallout: New Vegas 1.x[/url] Fucking hmm...

[QUOTE=Nabile13;52293162][URL="https://appdb.winehq.org/objectManager.php?sClass=version&iId=21692"]WineHQ - Fallout: New Vegas 1.x[/URL] Fucking hmm...[/QUOTE] Judging by the link, [I]it runs[/I]. Yeah. But it does have some issues. Plus it also requires that you understand how to tweak WINE, which a lot of non-power users would be helpless at. Windows would still run it better, with less bugs.

One frustrating thing (which has no bearing on the current topic) that Microsoft has been doing is that in the latest version of Windows (The Creative Update IIRC) it replaces programs + features with Apps, and removes Control Panel. Utterly annoying as the quickest way I've been using to get around is to right click my windows logo and get to what I need to.

[QUOTE=nagachief;52293176]Judging by the link, [I]it runs[/I]. Yeah. But it does have some issues. Plus it also requires that you understand how to tweak WINE, which a lot of non-power users would be helpless at. Windows would still run it better, with less bugs.[/QUOTE] Wine has actually come quite a long way recently with game compatibility, most games using directx 9 or opengl will work with minimal tweaking now, add to that the increasing number of games supporting linux certainly makes it much more gamer friendly than it used to be. Dual booting is always an option as well, inconvenient yes, but that's a small sacrifice to have a reliable, secure OS that isn't spying on you.

[QUOTE=Nabile13;52293162][url=https://appdb.winehq.org/objectManager.php?sClass=version&iId=21692]WineHQ - Fallout: New Vegas 1.x[/url] Fucking hmm...[/QUOTE] Yeah, sorry, no. New Vegas is buggy enough when it's running in an environment it's designed for. On top of that I don't have the raw hardware to run it in Wine even if it did like Wine. Which it doesn't. Because it's running on a buggy pile of shit that barely runs when everything is going its way. I'm also not willing to accept their test as 'it works' when they spent thirty minutes walking around Big Mountain. The game's far too expansive and far too buggy for that to be a valid 'does it run'. I've had countless savegames come to a screeching halt because they'd work fine in a DLC area but the overworld crashed them. I've had countless times where a DLC was broken for no reason and I just had to skip it that time. Maybe if they had played it from start to finish...

[QUOTE=Foda;52293126]do you know how they fixed all those issues with win8 that people had? they collected data about how people used windows 8 and then made informed decisions. you can't improve UI if you don't know how people use your UI (ie: the old start menu) you can't improve performance if you don't know what's causing slowdowns you can't fix issues with apps/old programs if bug reports are not collected you can't improve battery-life if you don't know what's using CPU both android, osx, and iOS do the same thing and have no way of disabling it. chrome and safari also collect data. also, the title of this article isn't even correct: MS doesn't clam that the settings are ignored. also, are we accepting theinquirer as a news-worthy source now?[/QUOTE] Collecting data isn't a bad thing. Companies like mozilla do it pretty ethically. Being coercive and deceptive is what's bad.

[QUOTE=TestECull;52293354]Yeah, sorry, no. New Vegas is buggy enough when it's running in an environment it's designed for. On top of that I don't have the raw hardware to run it in Wine even if it did like Wine. Which it doesn't. Because it's running on a buggy pile of shit that barely runs when everything is going its way. I'm also not willing to accept their test as 'it works' when they spent thirty minutes walking around Big Mountain. The game's far too expansive and far too buggy for that to be a valid 'does it run'. I've had countless savegames come to a screeching halt because they'd work fine in a DLC area but the overworld crashed them. I've had countless times where a DLC was broken for no reason and I just had to skip it that time. Maybe if they had played it from start to finish...[/QUOTE] Well tough luck for you, I have no problems running my games using Wine. And when all else fails, you either keep a Windows partition around for running the games that don't run natively or through Wine, or you use GPU passthrough on a virtual machine. But of course you're free to stay on the platform of [i]your[/i] choice, it's not like I'm imposing anything :)