This is the problem with subscriptions, the power is now in Microsoft’s hands. I’m sure they employ many capable hands, which have their customers interest at heart. Unfortunately, I’m also sure they this particular groups is vastly outnumbered inside the Microsoft ranks.
The rest of them is in this game for the money. Not a bad thing in and off itself, don’t get me wrong. But a subscription model? Currently they are showing their good side, with reasonable prices for reasonable service.
But that won’t last, and then Microsoft has more control over your data and content than you do yourself. Call me old-fashioned all you want, but moving everything to the cloud is a tactical mistake. Well, a tactical mistake for anyone but Microsoft.
Besides, “computing” in general only began to take flight after most tech companies let go of their “main-frame mindset” and the vendor lock-in that comes with that. And yet, nowadays so many systems/companies swallowed the tech companies BS reasons hook, line and sinker.
As if this whole to the cloud movement isn’t anything else than the “main-frame mindset” and customers are back again on the “receiving end” of the vendor lock-in. If you have ever had the unfortunate experience of dealing with Oracle’s sales department, you would already have known what to brace for when you give companies with money-lust so much control over your data. Oracle never lost their “main-frame mindset”.
And Microsoft has an unfettered lust for money. These days they were smarter by hiring better PR than they did in their early days. But their lust for money has never wavered one inch. Seems like a lot of people/companies need to learn that lesson again…the hard way. Unfortunately.
Does anyone have an answer ByDesign1977’s question… If you encrypt all usb drives, is there a way to exclude certain usb drives based on vendor/product ID so that a specif type don’t get encrypted? Thanks in advance.
I have just under 50 years in the computer business, many of those decades as sysadmin in Fortune 50 data centers. And all of them in various stages of software and OS development. I very much understand the complexity and potential for error in every OS and application.
Not everybody is at high risk and needing the latest and greatest fixes for security exploits. My private clients quietly run their businesses without endless browsing of internet sites or social media. One client is forced to remain on WinXP until they retire, due to their application package being forever constricted to XP, and the “upgrade” priced beyond reach at $30,000 USD.
I personally do not care for the invasive nanny in the newer Windows offerings, so I avoid them. I keep all the latest versions on VMs for learning purposes, but not for my personal use.
I may be obsolete, but I truly do not care for subscription based products. Some of us are just fine doing our work without needing the latest and greates.
It is a doubled edge sword, you can stay on your older software/OS but then you have to accept the security exploits that do not get fixed or get updated because it is no longer supported, or you go down the road of having the latest bits and security updates. Unfortunately those are not FREE and before you yarn about it being their fault (writers of that software/OS) just remember nobody can write the perfect solution out of the box, we are all just human and errors are a indelible human trait. Having written software and managed networks for many-a-years I can attest to that.
Does anyone know if the Office 2016 connectivity to Office 365 ending in 2023 is a recent change of Microsoft policy? I was aware of the 2025 EOL but the Office 365 connectivity is a but of shock. Thanks.
Can we have OS drive (C: drive as non persistent) and second drive (D:) as persistent? i am seeing that the OS drive setting is taking effect on second drive as well. Both C and D drive are behaving as non-persistent in this case, even though D drive is set to non-persistent.
Yes, and those corporations are playing with fire, but that doesn’t mean we shouldn’t take caution in advising potential actions. Obviously, no sysadmin should take any action unless it’s cleared with the security team – and if RDP is disabled for security reasons then they shouldn’t be using *any* of the processes listed here to seek to enable it unless they have the blessing of said Security team (*not* just sysadmin role benefits). I’m not objecting to the content of the article technically – it’s perfectly sound, and contains good (and reasonably thorough) information. I guess the core point is that I would expect to see a disclaimer along the lines of, ‘obviously work within the security boundaries of your corporate environment, and don’t action any of these activities unless you have explicit sanctioning to do so.’ Just as many organisations are probably running laxer-than-suitable desktop security, probably many are also running with junior admins with domain-wide privileges and part of their education (since it’s presumably towards those admins that the piece is targeted) is precisely to appreciate the security context of an organisation and not *just* the technical capabilities. Anyway to your basic justification, if [said sysadmin] doesn’t have time to deploy a GPO but they have time to pull up an independent internet article to reference [with untrusted/unknown scripts!] the under-the-table actions then their priorities as an admin are already in the drink. And note as I mentioned earlier the issue with PSexec is not its direct usage, per se [although my earlier point about approval & process in that regard still stands] but mostly to do with the availability of the tool on a host for hackers to benefit from. The tool should always come with an explicit warning such as: “**Only** use this tool with explicit approval from your organisation’s security team *and* ensure it is removed from every machine after the operation is completed.”
Thank you for those details. I have a query if anyone can answer. Reference host is selected adn exacted host profile from there. Now this profile is attached to another host which is newly installed. When it is checked for compliance, it shows Host Customization Required. But when Host Customization is clicked and opened, it shows empty box. Can you assist?
Allowed by whom? Microsoft does not decide corporate security, which is just as well obviously. Like I said, is a great tool, but too powerful, and it is utterly irresponsible to advise users about this tool unless you also make clear that users in corporate settings must not operate such tools without the strict blessing of their IT/security teams. That goes for any “fix” or action really. You actually need to be putting at the beginning of any article, “don’t do this on your business device unless you have the blessing of the relevant IT body” etc. Because it’s tools like this and other things that people download after reading about it on a helpful website that allow hackers to run amok once they can acquire entry via a compromised device.
Do not download any tool, Microsoft or otherwise, to your corporate device and attempt to “fix” things on your or other computers without the explicit approval of your IT team. Astounding that this even needs to be said.