Hacker News new | comments | ask | show | jobs | submit login
Microsoft no longer allows admins to block Windows Store access in Win10 Pro (zdnet.com)
297 points by walterbell on May 5, 2016 | hide | past | web | favorite | 239 comments

If Microsoft wants SMBs to use Enterprise then make the Enterprise edition more easily available to SMBs, don't try to force them to move to it by making petty little changes to make their life more difficult.

I can go on the Google Apps website right now and buy myself seats with a few clicks and a few minutes. If I want to buy Windows Enterprise licenses it will take weeks, cost an unclear amount (at the onset), and I'll have to talk/negotiate with pointless sales drones.

I worked for a startup, under 20 machines, I tried to buy then Windows 7 Enterprise. Microsoft's partners were super unhelpful, disinterested in a small account, refused to provide clear pricing, and I was getting upsold even before we got the basics squared away ("I'll just add on 20 CALs, a Windows Server license, and let's talk exchange!"). Ultimately we just gave up, and used Windows 7 Home(!) for three years.

People want to give Microsoft money, but Microsoft is intent on making the entire thing as painful as possible and their licensing as obtuse as possible. Office 365 Business gets a lot of shit, but it is a dream come true for startups, you pay one cost, and one user gets their Office license key, email, and some cloud storage taken care of.

Where is the Windows version of Office 365? Why can't I just pay a per user fee and get one Windows Enterprise key, the CAL, and Azure-based AD?

Time is money, and Microsoft likes to waste a lot of time. I'd prefer to spend a few dollars more a year and have a simple streamline process of licensing, than spend weeks being jerked around just to maybe get a few bucks off of a fake price anyway.

I lived through the exact same disaster. I spent HOURS on the phone trying to acquire a license for Windows 7 Enterprise, I needed it for Hyper-V. Microsoft's main number, dead-end IVR system. Tried the Microsoft Store, they routed me to the dead-end IVR system. 50 or so minutes after my initial attempt I got some person that could barely speak English from India routing me to a voicemail, a couple of times Microsoft's phone system plain hung up on me after having me on hold for 20+ minutes.

Eventually I got some person at a Microsoft Store felt bad about the whole thing and took 2 days to get a number for a rep a CDW who could get me the price. That rep didn't have the price, but took my information after a 15 minute call and promised to get it to me. When she did days later, she couldn't give me a final price because she forgot I needed a user CAL and a remote access CAL. When I went to make the final purchase, she said oh, actually we can't do it because Microsoft won't sell the Windows 7 license anymore only Windows 10.

The whole process made me feel like I was losing my mind.

Unfortunately, that is common with many large companies, including Microsoft. I've practically begged them to take my money but sometimes nobody seems to know how to do it.

In the past I've heard that if you need an XP license and Microsoft won't sell one, installed a pirated version of XP and then let it do it's genuine windows check, which will fail. Right after it fails, you are given a way to actually pay for a license. I'm guessing this no longer works, but it did for a while.

And even they have not supporting Windows XP now. I have used Windows 7, 8 and Windows 10. But still loves XP.

Nobody knows what Microsoft wants to do, they have Acquired Nokia but nothing goes well.

> I spent HOURS on the phone trying to acquire a license for Windows 7 Enterprise, I needed it for Hyper-V.

I'm not sure why you're trying to do that.

Windows 7 cannot run Hyper-V. You can install the Hyper-V Manager on Windows 7, but that only requires Pro or Ultimate. [1]

Client Hyper-V was only added in Windows 8, and you only need Pro. [2]

[1] https://social.technet.microsoft.com/Forums/en-US/f0f1dc3d-9...

[2] https://blogs.msdn.microsoft.com/b8/2011/09/07/bringing-hype...

Windows 7 was the VM, not the host.

> Windows 7 was the VM, not the host.

Oh. Then I agree with you that Microsoft screwed up the licensing -- but it's a different screw-up.

Windows 7 Ultimate is just like Windows 7 Enterprise, except for the virtualization rights. With Enterprise, each license allows 4 concurrent VMs. With Ultimate, you only get one.

The original idea of Ultimate was to be a consumer version of Enterprise. You didn't have to go through a salesman. You could just buy Ultimate on Newegg or Amazon.

However, Microsoft crippled Ultimate by putting in the 1-VM restriction. Considering how much Ultimate cost, this was a really cheap move on Microsoft's part.

"I lived through the exact same disaster."

Might it be easier to just get an OS-level subscription to MSDN ? I got one of those a few years ago for rsync.net and it was quick and easy to purchase ... and then we had everything.

Certainly more expensive to get MSDN than a single OS license, but it's not that expensive ...

MSDN is not licensed for production, I assume you mean you're using it just for development and testing.

MS Partner on the other hand is licensed for internal-only production use.

"MSDN is not licensed for production, I assume you mean you're using it just for development and testing."

Oh, right.

Yes, we just used it to test clients against rsync.net.

Recommended (MSDN, that is), if you're in that situation...

Reminds of the time when I wanted to get a license for a piece of software and they only offered training courses for teams coupled with a software license. I chalked it off as being outside their customer target group.

Which software was that? Sounds very "enterprise".

It wasn't enterprise, but the company is nice to the community otherwise, so I don't want to name them here. They just didn't seem to have single-developer target as part of their sales process.

You are supposed to use downgrade rights, which every VL agreement have.

"The whole process made me feel like I was losing my mind."

And perhaps Microsoft shareholders are beginning to feel as if they might be losing their capital soonish... This sounds like The End.

A tad hyperbolic, don't you think?

Not necessarily, it's entirely possible for a company to severely damage itself by creating too much friction in the sales process.

This is the sort of thing that helped kill Sun, although the circumstances were sufficiently different it wouldn't play out in the same way: https://news.ycombinator.com/item?id=11601146 (especially when much of the competition is entirely free, e.g. AWS doesn't run on Windows).

Same thing with Xerox not all that long ago, they had a near death experience because the salesmen got so much pointless process larded into what they had to do to do their jobs. Note also one of the newer HP CEOs who upon getting his job said that one of his top priorities was streamlining the sales process.

Microsoft had a train wreck with Windows 8. They're on track for another train wreck with Windows 10 that they seem to be actively compounding at every turn by adopting a customer-hostile strategy. They're supposedly shifting towards more cloud- and device-based models as a corporate strategy, but being comprehensively out-competed in both markets on almost all counts by other big tech firms. And their share price has been pretty flaky since it became clear how Windows 10 was actually going to work.

At some point, the hyperbole starts looking like a plausible assessment.

Adding my voice to the chorus.

The Microsoft Windows ecosystem is a god send for those wanting to enforce single sign on, roaming profiles and group policy to control things deploy Chrome, 7-Zip or all manner of apps straight to the desktop or lock down access for say the demo room machines but give full access to engineering notebooks and enforce things like password policy, mapped network drives, etc.

It honestly just works and is fantastic in practise for companies wanting to enforce good IT policies with 10+ employees (in comparison try doing the above with Mac OS X + Mac OS X Server - like pulling teeth).

However Microsoft's licensing is absolutely fracking byzantine.

* I first need a server license - is it per socket or per core?

* Then I need my desktop licenses - do I need Pro or Enterprise? Or heck, maybe Ultimate only has the regional language options I need?

* Then I apparently need a fracking Client Access License for not only Windows Server to Windows Desktop services but for god damn DNS and DHCP services too! Like seriously MS - are you kidding me? So every iOS or Android device which pops up on our Windows DHCP/DNS needs a CAL apparently.

Now the whole cluster fudge above would be barely tolerable for any well funded startup or company IF Microsoft made buying these licenses easy.

If the above nightmare sounds bad however, just try getting licensed for it all and ensuring you're compliant.

It's seriously, a real damn shame because Microsoft Windows Server + Windows desktop is fantastic. When put together it really does work beautifully. It's just such a shame that MS seems to shoot itself in the foot consistently when it comes to figuring out their licensing.

> So every iOS or Android device which pops up on our Windows DHCP/DNS needs a CAL

Only if you have Device CALs. If you are using User CALs then each user is licensed for as many devices as they/you want.

We have good sales company (in the UK) with a really great sales REP. We moved with him when he changed companies a couple of years back. We call him up, and we have an open license the next day. That said there are some pretty aweful MS partners.

> When put together it really does work beautifully.

Except for the forced reboots because their OS still can't completely update itself at run time.

Neither can Linux or OS X.

Linux goes a long way towards updating while running. In fact, in my seven years of administering Linux – and my distro updates once a week – I never had to reboot to continue an update. Every update - during and after - I could continue using my system exactly as I was using it before.

Enterprise Linux also has the feature of updating the kernel on-the-fly. The infrastructure for it has been open-source, and anyone could build a similar service for themselves if they wanted.

I'm pretty sure I've updated the kernel on the fly when trying to update the kernel on Digital Ocean-- the stock kernel loads (let's call it the bootstrap kernel) and then it eventually calls some code that replaces the running kernel with a newer more modern version. I've forgotten the details, as it sounded kludgy, but I'm pretty use like anything else Linux, a reboot isn't always required.

In fact, with Nano server, Microsoft is trying to go that direction too -- the less you have running, the easier to avoid reboots.

But the real solution is trying to be reboot-tolerant by having a slight bit of redundancy, I would think. Uptime matters more for pet/snowflake servers than for cattle....

> I'm pretty sure I've updated the kernel on the fly when trying to update the kernel on Digital Ocean

What you go on to describe sounds a lot like kexec, and a kexec is the same thing as a reboot for everything on a computer except the hardware. The new kernel during a kexec starts with a freshly-booted state.

What I meant was – and perhaps I wasn't clear enough – updating the kernel in-memory, while it runs so that even your userspace apps notice nothing - except perhaps a few fractions of seconds of time slipping by - and continue running while the kernel they're running on top of is patched with new code.

This has been possible for a while on Linux. It began with, IIRC, Ksplice as a college-project, then a startup, then bought-out by Oracle for Oracle Linux, then independent efforts at similar implementations by both Red Hat and Suse, which eventually got merged together and mainlined into Linus's tree.

For Linux it only really needs to reboot for kernel updates. If you don't update your kernel often, then you could do updates every day and not have to reboot at all.

At home I run Arch Linux, and I do updates almost every day. Usually my uptime can easily be measured in weeks.

At work I have Windows 7 on my laptop. I have to restart my laptop twice a week at a minimum, because every tiny fucking update requires a restart. And if I don't then it nags like a little bitch every 2-4 hours and breaks my concentration. And if you take too long then it forces the update and your work is lost. I hate having to close all my apps every 2 days and wait for ages while it restarts. From a user's perspective, Windows is the shittiest desktop experience available in a corporate environment.


Windows 7 is almost 7 years old though. Just the other day I noticed that my Windows 10 machine updated its video driver without having to restart. Things have definitely improved since Windows 7.

Windows 7 actually has that ability, too! I even think that change came with the new graphics driver model (WDDM) in vista.


I solved that by turning updates of. Not secure, technically, but neither is high blood pressure.

>in comparison try doing the above with Mac OS X + Mac OS X Server - like pulling teeth

Because OS X Server is complete crap. As is ARD. Not even Apple uses OS X Server to manage their devices. I believe they use JAMF's Casper.

The ironic thing is that when Microsoft launched Windows NT they successfully disrupted Novell's Netware business largely by just being easier to purchase. Back then Netware was a superior product in most ways, but the only way to get it was to buy through an authorized local reseller. Dealing with those shops was a huge hassle and expense. Whereas anyone with a credit card could call up a catalog retailer and order as many different NT licenses as they wanted.

> Where is the Windows version of Office 365? Why can't I just pay a per user fee and get one Windows Enterprise key, the CAL, and Azure-based AD?

It used to be an optional tier of Windows Intune (now known as Microsoft Intune), which they have since killed (stupid decision, IMO). However, you can just directly join a Windows 10 (Pro?) system to Azure AD, Enterprise is only necessary for things like DirectRoute, you may not be able to block the Windows Store entirely but you can restrict people from using non-whitelisted applications IIRC.

If you want to manage software updates, deploy applications, Microsoft Intune is still a great option (even includes endpoint protection for PC's) at $6/usr/mo. It's just too bad they got rid of the $10/usr/mo tier that had the Windows Enterprise license.

It is too bad about Intune. I think the Azure AD with joining is only hybrid, unless I've missed something, which means you still need a local AD resource. Reminds me of Azure-compatible Storage Spaces Dorect -- an amazing idea until they told me I would need four identically configured servers and I realised it would be a waste of time when I only need one server and less redundancy to start. Wish they could figure out a way to provide AD entirely remotely, for those willing to require the Internet always working 24/7 to locate and manage devices on their own network... Though maybe something like bonjour could also replace those functions of AD.

As of Windows 10 you can join directly to Azure AD without any on prem AD implementation.

Sweet. News to me, thanks. Will definitely try this. :)

This kind of reminds me about how QuarkXPress abused their market dominance for so long and generated a lot of resentment in the community. When a decent alternative came along in Adobe InDesign, people jumped ship in droves[1].

[1] http://arstechnica.com/information-technology/2014/01/quarkx...

No joke, it's like that in no small part because corporate types love it that way regardless of business size. If it's easy to buy licenses they'll find a way to go through a VAR anyway. I've seen a consultancy engaged to middle-man the Google Apps purchase and configuration and ultimately the only value they provided were a couple trainings and some initial configuration any idiot with a few minutes and the ability to read could do.

The reality is that for your corporate/enterprise-fully-entrenched-fiefdom-building management person easily buying things or having someone read documentation and configure something is just not compatible with how they operate. They need net 30/60/90, sales drone wine, dine & golf, "is this in the Gartner Magic Quadrant?", a drawn out high-touch sales engagement and consultants they can blame.

Risk averse is the name of the game and it doesn't matter if it makes the business too slow to compete because a middle manager will never be held directly accountable for doing exactly what every other politics-first middle manager is doing. You want to sell to enterprises? Get in with the developers but be prepared to provide all of the above to the people actually making the purchasing decisions.

Why do this remind me of how big media had to dragged kicking and screaming into the streaming age?

Perhaps because it's an obviously worse system that would be replaced if only the incumbents weren't protecting it.

I'm sure any individual middle manager would give you a very reasonable explanation for any of these behaviors. If you're operating in a political environment and you don't play the game you're going to end up the sucker sooner or later. How do you fix the problem when you need to be part of it to have any leverage to fix it? The only thing you have power to do in that situation is behave ethically or unethically (depending on who's definition of unethical you're using of course).

I'd like to think that startups that grow enormously will prove over time that slow enterprise-y corporations are at a huge disadvantage and that will slowly make it's way into business schools. But part of the reason risk averse behavior takes hold is because the stakes get higher as you get larger. Today's spectacularly successful startups are tomorrow's enterprises unless they make a deliberate effort not to be.

> I worked for a startup, under 20 machines, I tried to buy then Windows 7 Enterprise. Microsoft's partners were super unhelpful, disinterested in a small account, refused to provide clear pricing, and I was getting upsold even before we got the basics squared away ("I'll just add on 20 CALs, a Windows Server license, and let's talk exchange!"). Ultimately we just gave up, and used Windows 7 Home(!) for three years.

You were likely talking to the wrong people. You need to go through bizspark[1] if you're a startup and you'll end up with a super-helpful dedicated Microsoft representative and lots of free stuff. It's been never anything but super in my experience to work with Microsoft as a startup.

[1] https://www.microsoft.com/bizspark

If those 'wrong' people are Microsoft employees, they should have directed him to the right people.

If they didn't, then it is absolutely Microsoft's fault.

Microsoft sales are generally handled through small VARs (value-added resellers) which are hyper-local and send salespeople and technicians to drive around to local businesses. These VARs in turn buy from large distributors with more elite Microsoft partner status like Ingram Micro. Players at every level participate in some kind of Certified Partner Program and must be certified by the next level up the chain as conforming to requirements (has a physical office, X in revenue, N people on staff with Y certification, etc).

It's the same with Cisco, and really a lot of stuff in the enterprise space.

Plebes don't get to talk to Microsoft employees.

EDIT: I will add that I have worked for a few such resellers of various enterprisey tech companies. Your partner account buys you a hotline to competent vendor support engineers. They aren't reading scripts, take you at your word for the troubleshooting steps you've already tried, are happy to work a problem systematically with you, and will also readily admit that a product is defective and grant an RMA or even make a bug report, collect diagnostic logs from you, and tell you when a fix is slated for release. It's amazing.

So they should have directed him to a competent VAR then. They don't appear to have done that! The ball is most certainly still in Microsoft's court.

Microsoft is a huge organization with tens of thousands of employees. We have no idea what was communicated between this commenter and the sales person. At some point you have to kind of step back and realize that you're responsible for your outcomes and not blame everything bad that happens to you on others. Searching Google with "startup microsoft" or "startup pricing microsoft" would have been enough effort to figure this out.

No. That's not how sales organizations for competent companies work.

IBM, in the mainframe era, was very good at this. It was IBM policy that if you called anyone within IBM sales with a problem, it was the IBM employee's job to get you to the right people. All IBM salespeople had a little printed pocket book of phone numbers within IBM, a directory of contacts for various types of problems.

Man, I can't upvote this enough. Say what you will about the IBM of old or new, when you called you didn't have to put up with this runaround of putting the onus on the potential customer. "Hi, IBM, I'd like to give you money." "Just a moment, sir, and the next person you speak with will be the one that can help you."

"Hi, Microsoft, I'd like to give you money but fuck me if I can figure out which SKU or how much." "You did it wrong, sir. You should have called this other number. Or you should have Googled it. But the last thing you should have done is called me, have a nice day. <click>"

I ran into this almost ten years ago trying to price the various SKUs we needed for Visual Studio. It was appallingly ridiculous how much time I spent on that, in contrast to just going to a web page, comparing features, click a few radio buttons, click "Buy", sorted. It was the last place I've worked since that I've had to beg Microsoft to take my money. Now they just plain don't get my money.

Signed, A very disappointed ex-MSFT employee and ex-shareholder

IBM is still like that. I called with an issue on an old iSeries machine[1] and mentioned that I might want to purchase a new one[2]. I got no less that 3 calls within 4 hours asking me about my purchasing needs and giving me exact prices and plans. They would be fine with taking my money.

1) I guess if the switch its connected to gets reset, the older version of the OS cannot reconnect automatically.

2) accounting software will make you buy strange things

I remember a friend of mine's company bought a $78k storage server around 1998, and one of the drives failed 4 months in, he called just to replace the drive and it took a call from the upstream vendor to get them to not try to sell them another >$70k storage server.

For the record, that hasn't been my experience with IBM; I used to get a pretty bad runaround, but perhaps that's changed - I stopped using their products as a result.

I took "mainframe era" to be roughly the 50s through 70s or 80s. Are you talking about the same time period?

No, I guess I'm talking about the post-mainframe era; perhaps the PC era.

The fact that you have to go to Google to search to find Microsoft pricing, and have to already have the knowledge that they have special "startup" pricing is a failure on Microsoft's part.

I still can't find accurate Microsoft pricing with my Google-fu. It's ludicrous!

You know given the title and the bait it presents to a particular kind of people I should have known better than share with people a positive thing about Microsoft and to suggest they think for themselves.

Don't be like that. From the other commenters' perspective, you didn't share a positive thing about MS, you made a negative comment about them.

Don't let confirmation bias and an MS persecution complex make you put up a wall to legitimate concerns.

You shared your positive experience about dealing with Microsoft, but you also downplayed the OP's experience. Even though he went through the process he attempted in some detail, you told him he was responsible for the poor customer service he got from Microsoft.

That's why you aren't getting favourable comments.

You're not getting downvoted because you're saying a positive thing about Microsoft, for the simple reason that the thing you're saying about Microsoft isn't positive.

If you like MSFT so much, I have some spyware you can remove on my sister's laptop. only took me 4 hrs last time.

When my grandmother's computer finally died a couple years ago, I bought her a chromebook to replace it... mom liked it so much I gave her one... now about half of my family that I regularly talk to uses them.

Do you understand how that sounds?

"We failed to sell you something you wanted, and it's your fault."

Besides, BizSpark is solely for startups, not for established SMBs, who would quite reasonably expect to be able to sign up for Enterprise by searching for "Enterprise".

Is this too obvious, perhaps?

Is it really your assumption that thread parent neglected even to google this topic of such great import to business success? That seems neither likely nor charitable.

It's definitely more palatable than blindly bringing out the "M$" pitchforks but I guess if you were looking for something on HN to get your daily anger fix I guess feel free to use this as your opportunity.


It's irrelevant if Microsoft are a huge organization with tens of thousands of employees. Sales aren't made via excuses.

Putting the responsibility on the customer to find the right set of keywords - in Google no less! - to purchase copies of enterprise software is bizarre.

Hahaha, "we only sell to Bing users!" Now that's a strategy tax!

If he's able to reach "the wrong people", that still represents a failure on Microsoft's part.

> You need to go through bizspark

Shouldn't Microsoft make that clear then? If I wanted Windows 10 Enterprise for a business, I'd search for "windows 10 enterprise", follow the link to "Windows 10 Enterprise for your enterprise business - Microsoft"[1], and go to the "Buy>How to buy"[2] page. There is zero mention of BizSpark in that process as far as I can see.

It's also non-obvious from your link that BizSpark includes Windows 10 Enterprise. I had to download the "Products by benefits level" Excel sheet to be sure, and it appears to be limited to five people regardless.

I understand that Microsoft's enterprise licensing typically involves going through a reseller, but Microsoft certainly could be doing a better job pointing people (esp. small businesses) in the right direction. Even if I go through to "Contact a Windows Solution Provider"[3], it defaults to searching for UK and an 8km radius (accurate enough), sort by "Most relevant". Top 5 results:

* German-language result

* Scandinavian/Nordic-language result (doesn't look like Swedish, Danish, or Norwegian to me. Possibly Finnish?)

* English-language result, but located in the Netherlands

* French-language result

* Italian-language result

Maybe these companies can help me, or maybe they are the "wrong people" to whom you refer. Following what I would see as the obvious path to try and purchase Windows 10 Enterprise, I'd have no idea how to tell the difference.

[1] https://www.microsoft.com/en-gb/WindowsForBusiness/windows-f... [2] https://www.microsoft.com/en-gb/WindowsForBusiness/buy [3] https://pinpoint.microsoft.com/en-GB/search?type=companies&k...

bizspark is only for up to 7 people. I mean you could actually create a single account and use the same key for multiple machines but if it comes to office your limited to 2 keys per user. but you could install every key on up to 2 machines but licensing forbids to use both installations at once.

Does Microsoft still unleash the BSA on small businesses that are out of compliance?

I'm pretty sure no business can be in compliance since different parts of microsoft will give you a different story about what needs to be licensed.

Does the pope shit in the woods?

The fact that it's apparently not obvious who to talk to seems to be a problem for Microsoft to solve if they care about the "little guys" (maybe they don't? I'm not sure)

I worked for a startup a while back and we tried to get quotes on running Microsoft SQL server. The sales rep could not comprehend that we were a web company. They continued to try to ask us about how we would be using it to manage our in-house inventory. Even after explaining, "no we're a web company, like myspace", the rep still didn't get it. We used MySQL.

VARs don't even know how SQL Server licensing works. It's not hard when you take the time to read about it but it's convoluted and no one should have to waste their time doing it. Basically it comes down to this:

if ($number_of_clients * $client_license) > ($number_of_processors * $processor_license) buy per-proc, else buy client licenses.

Per-processor licensing is somewhere in the neighborhood of 30K (per CPU). Standby servers and processors aren't counted toward that total. Clients are any machines or users that directly or indirectly (like via a web app) use the database. That last point is important because sales reps at vendors who's software requires SQL Server will sometimes be ignorant of it or will lie and when you get audited you're the one left holding the bill.

What's the rationale for not selling windows enterprise licenses on amazon? What's so special that it requires an official reseller?

If Windows Enterprise Licenses were on Amazon then Microsoft could not maximize how much money they make on Windows Enterprise Licenses. They rely on the information asymmetry to charge you as much as they think they can get out of you.

> People want to give Microsoft money, but Microsoft is intent on making the entire thing as painful as possible and their licensing as obtuse as possible.


I don't know if this is still the case, but a few years ago I bought an MSDN subscription, and it took weeks. I could never figure out why they made it so difficult, nor why they forced me to go through partners. Just add a subscribe button on your own website, let me pay and be done with it. How you handle distribution is not my business (and I reckon distribution is not an issue anymore, since I think nobody chooses to have CDs delivered instead of downloading what they're interested in).

Again, this was a few years ago. I hope by now they have fixed this process, because it was completely broken.

Similar story... But not with a human sales person. Went to order github enterprise for our company. Went to Microsoft Asure as one of GHE's recommended hosting partners. The interface was extremely complicated and cloudy. Costs about $200/month for what seems to be a $40-80 VPS anywhere else. Performance is not that great, too. Found out a month later that bitbucket would fit our use case hosted for $10/month. Gitlab would fit our use case hosted for free. Management had insisted on GHE "for consistency".

If you are small and want enterprise licensing you can sign up your company as a reseller through Ingram Micro and buy it through distribution faster than a reseller will quote you.

I think Windows Intune also comes with Enterprise licensing as well, but I'm not certain.

They don't want you any more.

When you're ready to spend big bucks on Azure, please let them know.

I'm pretty happy spending small bucks on Azure... though, I'm less inclined to be stuck with windows, there are aspects I do prefer...

You can get Win10 Enterprise with Software Assurance using Open License. It is also recommended to renew it every three years. But on the other note, I should mention that even Server 2012 Essentials include WSUS to control updates for example.

I don't understand what this had to do with what I said? They sold Windows 7 Enterprise with Software Assurance on an Open License six years ago.

I am talking about the process you have to go through to buy Windows licenses and licensing in general with Microsoft. I literally had to take a exam at one point on Microsoft licensing to be eligible for a program of theirs.

I wasn't complaining about the price, or available options, I was complaining about how hard they make it to actually give them money, see how much things cost, and to be clear about exactly what licenses you need.

If I recall correctly they want to get people on their 365. Not a good plan unless you trust Microsoft completely, of-course these kind of moves don't help their argument.

Sometimes, but significantly often, when I click on an email in the Outlook 365 web app, nothing happens. The display pane goes blank-white.

There is a noticable delay when I click to focus on the search bar, and often I have to retype because I click and go to start typing in my search term and lose the first few characters.

Almost always, when I search for an email in the Android app, it just hangs and even if I leave it to sit for minutes...

It's not about trust in motivation at this point. It's about trust in competency.

Unfortunately, it isn't just the web app... using full on outlook really sucks compared to Outlook + Exchange a decade ago. I understand it's more about distribution and scale, but it's annoying that your unread counters can't even stay properly synced.

A colleague had a similar problem, except email never worked in the browser. It took three weeks for Microsoft Support to fix it.

We'd have migrated to Google, except the system administrator had booked a holiday for two of the weeks.

Like going into an expensive store dressed like a poor man.

I always snigger at the formula of Microsoft's public statements. You just know that in the first paragraph it will claim - disingenuously - to be doing the exact opposite of whatever it's accused of. And sure enough the very first sentence is:

"Microsoft is focused on helping enterprises manage their environment while giving people choice in the apps and devices they use to be productive across work and life."

You can take this sentence, and without knowing any other details at all, figure out that the company is somehow preventing enterprises from managing their environments properly or restricting app and device choice or both.

I find this true of most company taglines. "We have the highest rated customer service" = We have shitty customer service.

I think the people who write this stuff are usually presented with "Here's the bad parts of our reputation. Make sure your blurb fixes that"

Probably something like, "we took a survey. Here's what our customers / prospects said is important to them."

If a company has poor customer service, byzantine purchase process, etc., that stuff will crop up.

Then again, so will all the standard things -- trust, etc.

"giving people choice" = "giving people the choices we made"

This sort of doublespeak is not restricted to Microsoft. About "choice" and freedom/personalisation in general, Mozilla is the other one that comes to mind with this amazing article:


I am more interested in learning how much the person who crafted that sentence was paid..... :)

Microsoft enterprise/SMB sales process (via channel partners) is a laughable disaster.

Recent task: Run a Windows Server VM on Azure, with 4 remote desktop users connecting in.

Result: almost a MONTH of back and fourth with THREE different MSPs since none of them knew details of proper licensing. In fact, even Azure support did not know licensing terms and said just to contact the MSPs, who in turn advised we contact Azure support. In the end, after a couple of days of googling and reading obscure MSDN entries, we THINK we got the right licensing approach.

Oh, and total cost difference between different MSPs on even such a small order was over 40%.

Sadly, its currently a classic example of "please take my money" and the company doing everything in their power not to. Until microsoft clears up their licensing terms and makes pricing transparent, they will be hated.

I'm slightly confused...you think the multiple users RDPing into it will cause an increase in cost if you go 100% legit? The price of the windows OS is priced into the Azure hosting costs. Windows vms are a bit more expensive than linux ones for this reason.

Remote Desktop on Azure is a bit of a licensing nightmare. See this [1] old blog post:

> Effective January 1, 2014, Volume Licensing customers who have active Software Assurance on their RDS User CALs are entitled to RDS CAL Extended Rights, which allow use of their RDS User CAL with Software Assurance against a Windows Server running on Windows Azure

Licensing costs for Remote Desktop Services (not Azure RemoteApp) is not built-in to the virtual machine pricing.

[1] https://blogs.msdn.microsoft.com/luispanzano/2013/07/15/remo...

Exactly right - you only get 2 admin RDP licenses with Azure Windows VM. More users requires running RD License Host and using either user or device RDS CALs (not to be confused with Server access CALs which ARE included with Azure cost). Further, extended rights enablement seems (to still) requires an active SA contract.

To make matters worse (and this is unclear) you can only do RDS User CALs in Active Directory mode, but must use Device RDS CALs in workgroup mode, making an install scenario where a couple of users just want to share a desktop app (quickbooks, for example) a freaking nightmare.

In essence, it seems that RDS licensing is currently targeted only at hybrid deployments (e.g. you're taking your RDS from on-premises to hybrid via SA/Extended Rights).

As of this summer, it should be possible to also use RDS via SA/ExRights on AWS, which, ironically, costs materially less than Azure for a Windows Server license on top of decent hardware+ssds.

Oh, and because its microsoft, every single possible combo of user/device/rds/sa/whatever licenses carries its own SKU. After this "exercise" I know far more than i ever wanted to about Microsoft licensing :(

So... does that mean you can't RDP into your machine to do administrative stuff?

EDIT: Oh i see, ONLY administrative stuff if you need more than 2 users.

The admin. connections are free of licensing restrictions, anything beyond that is a PITA (on Azure).

And this particular sysadmin-for-my-family will no longer allow windows to be installed on any of our computers whenever they are in need of a reinstall.

Windows is becoming more and more like Facebook. Too many users changed a setting you don't agree with? Just block access to that setting or call it something else to confuse enough people to the point that the numbers are "good enough" for management.

Almost every time I visit my parents, my mother's Windows 10 laptop has reverted at least one of the changes I have made.

I used to keep a copy of Windows available via dualboot on all of my laptops, just in case I needed to print something in a remote location where whichever flavor of linux I was using didn't support. Not anymore. Linux Mint serves that requirement just fine.

Yeah, at a time when their market share is declining and real solid alternatives exist for gamers, productivity, browsing, entertainment, etc you'd think they'd do everything in their power to make their platform more inviting, flexible, affordable, etc. Burning people with stuff like this will only eat up any remaining goodwill they had with consumers, and they'll be left with corporate customers and a dumbed-down product that no one wants to administrate.

At work I use Windows 10 for Education and it runs nicely on hardware (Atom dual core with basic integrated graphics and 2G of RAM with spinning rust + some virtualised applications) that Windows 7 found problematic.

I'm just wondering: why the hassle? Just release a 'stand alone' win10 client without all the gunge. The clue is in the name - it is a client to services currently based on Microsoft software.

One thing that windows 10 absolutely hates users changing is firewall rules. I regularly see my custom rules disappearing. This is unacceptable.

The windows firewall is also tied into pretty much everything in the system, disabling that service messes with lots of stuff, like installing fonts:


That sort of completely insane dependency deserves a specially enunciated WTF!?!?

I would not be surprised if somehow installing or opening a font was tied into some sort of telemetry system (or maybe DRM-ish licensing crap) that requires Internet access in some way or another. Unbelievably scary and deeply disturbing.

I've seen this with file associations too.

I feel like there MUST be some way of...

1) Asking 'correctly' now...

2) Automating this from a .cmd script or something so I don't have to manually hunt through the GIANT, UNSERACHABLE (it is now sort-able thankfully), REFRESHING on EVERY CHANGE list of file associations.

Unfortunately I haven't actually looked in to how to do this... but if new versions of open source applications that I use aren't doing this automatically that sort of indicates that such a search might not be the best use of my time.

Are you modifying existing rules or creating entirely new ones?

Creating new rules to open a specific port. I have seen them deleted twice in a year.

> my mother's Windows 10 laptop has reverted at least one of the changes I have made.

So, having moved house recently, I had no internet for my win10 gaming PC, not even the cable plugged in. Most days it'd be turned on for a bit of a play. After about a week of this, Win10 then told me it had updates to install, and took me through the install process!

> Too many users changed a setting you don't agree with? Just block access to that setting or call it something else to confuse enough people to the point that the numbers are "good enough" for management.

Ergh, agreed. Ever try to change the default search engine in Edge to something other than Bing? Hoops galore.

How is it a hoop to go to https://www.google.com and click your mouse a few times? You make it sound like a chore!

It's a hoop because it's an unnecessarily complicated process for something which should be so simple, but we're forced to do it because Microsoft deems it so.

Also, that process is not immediately obvious and certainly not intuitive. I can definitely imagine many people just giving up and using Bing.

We are tied to Microsoft due to a multi-million dollar ERP. I have frozen at Win 8.1 (software assurance contract). I love server and maybe once Server 2016 is out this Fall/Winter, I can circle back around but the 2 Win10 machines we have (one is mine) tripped every security protocol we have (we do some stuff for foreign and local defense contractors). Thi sis the enterprise edition. In the end, I block a few thousand domains and entire netblocks within and without our networks which completely breaks Cortana, Store, etc. along with just about every Microsoft website. It's a pain. I'll be moving back to DragonflyBSD ASAP on my desktop and running VM's whenever I need to hop into Windows.

The only way I have ever found to run Windows in production is in a virtual machine. I take regular snapshots so that I can restore it when something happens.

I don't suppose you can tell us what you've blocked to get Windows 10 compliant with your security policies?

Edit: I'm genuinely interested... not sarcastic - promise :-)

You should put something out saying what you've blocked, I'm sure many other people want to do the same thing.

I don't know when I'll be able to get off of windows, but I do know that my next computer won't run it on the bare metal. I plan on getting a CPU with good virtualization (non 'k') and only ever running windows inside a VM. Things had already gone too far about 5 revelations ago.

The Intel CPU's with unlocked multi's have had VT-D for a couple iterations now. They're still useless if you have zero plans to overclock. (Even more so now they don't even come with stock coolers anymore.)

Is DragonflyBSD a good desktop environment for someone coming from Debian and other Linux OSs?

Well, the Intel DRM driver is pretty closely tracking linux upstream and most desktop stuff just works, so you could say it's a viable alternative. But it doesn't have DTrace or ZFS, although it has LUKS/dm-crypt for compatibility with Linux and the Hammer1 filesystem provides most of ZFS (missing some important bits) while requiring much much less RAM. You can actually dedup your Hammer filesystem with little RAM. Matt's been working for a long time on Hammer2 and it's still under heavy development. The message passing, less sharing concurrency in the kernel allowed Dragonfly to be competitive with Linux in benchmarks with just a few developers and a simpler kernel locking scheme altogether. DTrace is the number one feature I miss compared to FreeBSD, but other than that it's great. But FreeBSD gets a lot more contributions so is a much safer bet for production and they're also well on their way to have a linux abstraction layer for quicker sync of kernel drm drivers. So they will soon close up to Dragonfly in terms of Intel and Radeon graphics support. Also FreeBSD gets official Nvidia binary drivers if you need them and they have a kernel driver ABI that doesn't require you to rebuild nvidia.ko.

You don't know about the "Security" telemetry level and why it is there? Server has it too BTW.

I want devices that I, the owner, control, whether I'm a small business or enterprise or individual. This is important for many reasons, from security to freedom-to-tinker to using the device I own in the way I want.

It was once an accepted standard in IT. Now, can anyone name a current handheld or desktop system that provides end-user control?

If you don't think security, including privacy, is important, consider what a U.S. president with fascistic tendancies would do with all this access to citizen's devices and data (and how many companies would risk their enterprises when he leaned on them?).

do laptops with linux preloaded on them not count? you can get a dell machine with rhel or ubuntu installed on it, and afaik you are free to do whatever you want thereafter.

With the exception of the behavior of some of the binary blobs used to drive some of the hardware I believe you are correct.

> do laptops with linux preloaded on them not count?

Isn't the bootloader locked down?

Also, that's probably not a realistic option for most end-users.

If a Chromebook would fulfill their needs, then a Linux machine would certainly work. I think Chromebooks are currently the best selling computers on Amazon.

Most things that were "once an accepted standard in IT" are horribly insecure. The end user wanting a system he/she controls is very much one of them.

Microsoft taking away control from users, especially when it came to forcing them to take updates, is probably the biggest change they could possibly have made to improve the overall security of the internet.

> taking away control from users

If you don't control something, you de facto don't own it. You're advocating for a future without personal property. If you doubt this, see John Deere.

> improve the overall security of the internet

When someone else has remote control over your system, your system is - by definition - insecure. The recent drama involving the FBI and an iphone is a perfect example: the phone is insecure if the OS can be forcibly updated by the manufacturer.

Remote control of the OS may improve the security of the internet, but it happens at the expense of user security.

> The end user wanting a system he/she controls [is insecure]

This attitude is incredibly insulting. Instead of providing more secure products that people cant successfully maintain, or spending the time and effort to properly educate users, you're claiming they cannot be trusted with complicated tools.

> taking away control

"Freedom" necessarily includes the freedom to make bad decisions. You want to take away that choice. You might want to consider the long-term effects of advocating against freedom.

I'm not advocating. I am pointing out that user control is fundamentally anti-security. Bad security may very well be worth the tradeoff if you value other things like freedom, fashion, backwards compatibility, fewer restarts, price, etc.

I'm not convinced that freedom and security are quite as opposed as some claim; centralized control has repeatedly been shown to create its own security problems.

But supposing and to the extent that they are, I'll bite that bullet. If I have to trade away security for freedom, then I'm willing to do exactly that.

I don't see how your argument works. You seem to be saying that user control automatically leads to less security which is obviously false. Maybe you are conflating groups with individuals. If an individual has control then by definition he can chose to be more secure or less secure by his actions e.g that individual may chose to perform updates asap and stay away from suspicious downloads. He can also chose to do the opposite of these things and be less secure but there is obviously no direct implication either way. But underlying this is a one-dimensional view of security, consider more complex scenarios where users are forced to use a single software to perform a task. If that software is insecure then 100% of users are vulnerable whereas if there are a diverse range of programs the users are more resilient to attacks.

>You seem to be saying that user control automatically leads to less security which is obviously false.


> If an individual has control then by definition he can chose to be more secure or less secure by his actions

He can in theory, but he does not in reality.

>He can also chose to do the opposite of these things and be less secure but there is obviously no direct implication either way.

Again, reality shows us that the vast majority of users choose to be insecure.

>But underlying this is a one-dimensional view of security, consider more complex scenarios where users are forced to use a single software to perform a task. If that software is insecure then 100% of users are vulnerable whereas if there are a diverse range of programs the users are more resilient to attacks.

Correct, a diverse set of platforms would also be good for security. But that is a separate argument.

> the vast majority of users choose to be insecure.

This is incorrect. The vast majority of users choose to use the things they purchase for the intended features. They usually make no choice whatsoever about security. Your posts in this thread have been trying to blame users for poor product design; if something is badly insecure when used for the intended features, then it is defective.

This is where you probably want to assert that remote management is the solution, which takes control away from the user and allows defects to be fixed at a later time. You have asserted many times that allowing users to control their own devices is "less secure". This conclusion may be true in some cases, but it is simply incorrect most of the time.

When you take control away from the user and give it to the manufacturer (or other remote location), you are creating a backdoor that the user cannot override. Adding a remote backdoor is weakening security for the user. If you want to argue this, you're going to have to explain why both the FBI and Apple were wrong in their recent conflict about pushing a broken OS to a certain iphone.

Yes, users have very little knowledge about computer security. The solution to that is to educate them and make better products that don't need as much technical knowledge to use safely. Only then will security be improved. Your solution of handing over control to someone else is trying to keep users ignorant while lowering user security.

You seem more interested in putting words in my mouth than having a real discussion, so I will simply say that if you want to go with that metaphor, having a backdoor is preferable to having no walls.

User control is, by definition, security. The goal of security is to keep control in the hands of the owner. To remove control in the name of security is at best deceptive and self-defeating.

No. The user might use his control to make his computer less secure. Then it does't have security. And in real life, most user do exactly this when they have the option easily available. Most viruses spread through user control. Users choose to run programs which are viruses. Users choose to not upgrade their insecure software. Those are pretty much the main ways viruses spread.

You start off by saying "The user might use his control to make his computer less secure" which is true. But just two sentences later you claim "users choose to not upgrade their insecure software" which is obviously false. They might but the might not.

I could argue the same way and claim that removing user choice might make the computer less secure e.g. by forcing updates to an insecure version, installing backdoors etc. In the real world, this is exactly what happens. Therefore removing user control makes computers less secure. Now do you agree or do you think that my argument is deeply flawed?

"Freedom" necessarily includes the freedom to make bad decisions. You want to take away that choice.

Very well said. There's this relevant Gandhi quote:

"Freedom is not worth having if it does not include the freedom to make mistakes."

The whole approach to computer security seems to be based on an argument along the lines of "let's just throw everyone in jail and treat them guilty by default because they might possibly do something we don't like", which (fortunately, at this present time) seems preposterous in the real world, and yet that's what people are silently accepting --- or even strongly advocating --- with respect to online matters and their computing devices.

A world of perfect security and perfect safety, where no one can make mistakes, where no "bad things" can happen to anyone, and in which everything is controlled by some authority would be immensely boring, dystopian, inhuman, and quite frankly not worth living in.

Choosing to have less security because you value freedom more is totally fine. What I object to is choosing to have less security because you value freedom so much you pretend that less security is actually more. And especially when people are making that choice because those of us who are more informed than they are lied to them in order to manipulate them into doing so.

are you under the impression that automatic security updates is what people dislike about windows 10?

Its mostly the:


openended ToS

poor upgrade/reinstall behavior resulting in lost licenses

overly complicated licensing structure (with articles like this showing the professional license feature set degrading over time)

forced integration of unrelated products (cortana, bing)

integration of advertising into the OS (lockscreen and wallpapers)

lessening control enterprises have over their systems

Frequent forced reboots

Windows overriding user settings

Playing whack-a-mole with the privacy settings

Bloated with unwanted softwares

Two control panels

And most important: loss of trust in Microsoft. This is the one thing that will be hard for them to reverse.

Full disclosure: I work at Microsoft but outside of Windows.

> poor upgrade/reinstall behavior resulting in lost licenses

I have never experienced this. If you bought Windows 10 straight up (or your computer came with one) then you have a product key you can use, just like before. If you upgraded from 7/8 or are in the Insider Program, then you get a digital entitlement to your Microsoft account which gets restored automatically when you next sign on. http://windows.microsoft.com/en-us/windows-10/activation-in-...

> overly complicated licensing structure

There are two editions for consumers: Home, and Pro. With the differentiator being fairly clear from the name alone (home is for home users, pro gives you things you aren't going to ever use at home but might at work, like AD join). There are other editions like Enterprise and Education, but an end user will never even see them.

> forced integration of unrelated products

Cortana is a part of Windows. It started as a Windows Phone feature, and got brought over to desktop. There's nothing unrelated about it. Bing is integrated to Cortana because that's the backend powering it. It's like how Ok Google uses Google on Android. Using a third party provider would not give nearly the amount of insight it currently has, since the two teams can work together to improve results and the overall experience.

> integration of advertising into the OS (lockscreen and wallpapers)

Spotlight has shown one ad that I am aware of (Tomb Raider). Otherwise, it gives you curated images rotated every so often. Your wallpaper does not change, that is not a feature of Spotlight. It's also completely disableable; you just set your own image.

I upgraded three computers to Windows 10 a few months ago. One each from Vista, 7, and 8. All three had showstopper problems. One would never again resume from sleep and had to be downgraded (HP laptop). One encountered a permanent boot error on the second boot into 10, and had to be completely wiped to make it work (Lenovo desktop, only a year old). And the third required purchase of a new graphics card, because acceleration which worked in Win7 does not work in Win10 if you have older Intel integrated graphics.

These free upgrades cost me about 15 hours of lost time, $80 in hardware, and a lot of goodwill. Or I guess I should say, two upgrades, since one had to be undone.

> It's also completely disableable

How about being opt-in?

Can we please just give you money and have a edition of Windows 10 LTSB for consumers where you don't have to wrestle with all this crap?

Also will this "surprise motherfucker" style of updates continue when the free update period runs out in July 2016 and MS starts charging money? Because if it won't, get prepared for some heavy legal action.

I believe Windows 8 introduced the group policy to set a default lock screen image (https://technet.microsoft.com/en-us/itpro/windows/whats-new/...). Since Enterprise is the only LTSB SKU, I would assume some sort of group policy is also being deployed. Wouldn't be too hard to set that policy up, which disables Spotlight automatically.

And ads in the start menu http://www.zdnet.com/article/how-to-disable-windows-10-start...

Why would I want this in a software I am paying for? Particularly the Pro version!

I am not. I am under the impression that some people believe "I control my own machine" is a point in favor of security. And that those people are wrong. Perhaps not for themselves specifically, but in turning that philosophy into a general rule to apply to consumer products.

Care to offer any arguments to support your claim?

The entire history of Windows.

> Microsoft taking away control from users, especially when it came to forcing them to take updates, is probably the biggest change they could possibly have made to improve the overall security of the internet.

Shouldn't the end user get to decide for themselves whether Microsoft can control the computer the user paid for, that sits in their home or office, and that contains their private and otherwise confidential information?

Disclaimer: MSFT employee here. My previous company was acquired by MSFT.

> Shouldn't the end user get to decide for themselves.

Not for the typical user who is not working in IT. None of my friends or relatives want to decide themselves about how their computer works. They just want their system to work and let them do their daily activities. Most of them use phones and tablets for much of their online stuff and they want the system to take care of itself.

Personally, I want to have full control of my system. But as the default sysadmin for my family and extended family, I dont have the time to maintain all those PCs, phones and tablets.

They used to, and they decided to download and execute random malware, and never take security updates.

Isn't that their choice?

Not being confounded by choices they dont understand or care is also what they want.

Chrome and Firefox auto updating without user intervention by default is a good thing. If Chrome were to ask permission before downloading updates, many of them will just cancel it and get on with whatever they wanted to browse. If the system is compromised by malware because of an unpatched security issue, it is the vendor who takes the blame.

Chrome is a browser, not an OS. I don't run my software under Chrome, so I'm not as affected if it had issues with auto-updating (there rarely was anything, which is another point).

If Google were playing beta testers with Chromebooks and messing around like MS does, you'd think there would be anything positive written about them ?

Chromebooks also do auto updates, and do it such a way that typical non technical end user finds it difficult to turn off permanently.

That's a good thing too.

It is. But their choice impacts other people when the malware on their computer starts sending spam, takes part in a DDoS etc.

Sure it is. So what? Are you going to pretend that they are the only ones affected? It hurts the rest of the internet when their machine is then used by hackers to attack others. It hurts the banking system and indirectly, small vendors when these people's credit card information is stolen and used to make fraudulent purchases.

Taking away the right of individuals to make bad decisions that harm others is the entire point of society.

> Taking away the right of individuals to make bad decisions that harm others is the entire point of society.

Thanks, this has to be one of the most idiotic statements I've read this year.

You're welcome. That means a lot, coming from you.

Rather to force their users to see their ads and push their apps down their throat. Security? Really?

>> It was once an accepted standard in IT.

That's funny because it's the folks in IT that always want to limit users freedom. But when someone even higher up the chain takes control they get upset about it ;-)

They want to limit control in an environment they are asked to control.

The Jolla phone provides end-user control.

Out of stock forever

The ball is back in Apple's court. They seem to take the end user more seriously, but they've been mixed. I made a comment taking Microsoft to task when their surreptitious telemetry came to light, and someone pointed me to proof that Apple was doing about the same thing. This is Apple's chance to continue to distance themselves from their competition. They've done well standing up for privacy, with the recent FBI demand to decrypt iPhones, but this is a chance to go further.

Man, I really wish Google would release their desktop Linux. Ubuntu is OK, but someone with pockets like that could finish the job, and make a credible, consumer-accessible, 3rd alternative to keep BOTH #1 and #2 on their toes. If I could just run Linux-supported games with the same performance as under Windows -- I'm not even talking Windows games under Wine -- I might finally get rid of my Windows partition to get away from such things. Valve has got to be working on a Linux distro, which they will release on their SteamBox (along with Half-Life 3, mark my words), but who knows when THAT will be.

I work in a medium sized organization and we let people choose which operating system they want to use, but we do let them know that we prefer Linux (we've created our own little custom Ubuntu ISO with the software that we need pre-installed and it took us like two hours).

Today, we have like 10 Ubuntus, a couple of Windows PCs, a couple of Macs and a couple of Chromebooks (not counting our tech staff since we all know how to deal with whatever we're using).

Ubuntu is by far the easiest to deal with (only had a single issue related to LibreOffice crashing Linux because of some DRM issue, but the fix was already released and all we had to do is to update the system). Chromebooks are by far the worst (it took me forever to figure out how to add a damn printer). That's why I think that Chrome OS will never be more than a toy.

As for Valve, their OS is out for about a year now (don't know it it's stable yet) and you can already purchase some Steam boxes I think (I'll have to verify this).

Edit: yes they are, for half a year now: http://store.steampowered.com/sale/steam_machines

>They seem to take the end user more seriously

Unless you're trying to keep music on your computer and use iTunes, in which case they upload all your music to the cloud and delete it off your PC.

>Man, I really wish Google would release their desktop Linux. Ubuntu is OK, but someone with pockets like that could finish the job, and make a credible, consumer-accessible, 3rd alternative to keep BOTH #1 and #2 on their toes.

Have they actually talked about doing this?

It really wouldn't take much to make a "credible, consumer-accessible" version of Linux. Most of the pieces are already present, and Linux Mint for instance is already very easy for a non-expert to install and use. The main problems are 1) graphics drivers for non-Intel chips and 2) software compatibility. Lots of games already work on Linux thanks to Steam. A little more work with WINE maybe, and some improvements to Nouveau, and some more polishing and you'd easily have something that a casual PC user can install easily and use. It'd probably help too if they finally finished Wayland and got the whole systemd thing settled. Then they'd just need to use their influence to push other companies to do their part, such as stupid printer manufacturers who don't make Linux drivers for their winprinters (not a problem for good printers, but for the cheapo inkjets it still is).

Hoenstly, I find it pretty disappointing that Red Hat hasn't done more in this area, particularly considering they're the ones who created systemd and employ many Gnome3 devs. You'd think they'd be pushing corporate Linux desktops hard, but they don't seem to be.

> I find it pretty disappointing that Red Hat hasn't done more in this area

Me too. Especially now that the 2 things that kept Linux from being a player in the corporate space were 1) Office, and 2) Exchange. Now you can get Google Apps or iCloud or any of a number of hosted applications for these things. Unfortunately, the last time I tried Fedora, a couple months ago, I got a couple of cryptic selinux-related errors, and quickly decided "ain't nobody got time for that," but if a company would get serious about an image (as they do for Windows, anyway), the path is wide open for a Linux desktop in the enterprise, at vast cost savings.

Also Ubuntu, they started a great thing for making Linux on desktop friendlier, then completely discarded the opportunity of Windows 8 being a shitshow and jumped on the mobile/tablet bandwagon.

Now there's another opportunity with Windows10, but not much has changed for the desktop and I won't even mention their mobile success.


Apple's short support life cycles for its operating systems is problematic for many organizations. Its constant churn of hardware specifications also presents issues for organizations seeking stability and standardization. Personally, I don't see Apple as likely to move away from either practice due to its business model and consumer device focus because both have produced substantial profits for a number of years.

I don't see Google as likely to move into the space either, at least in a way that doesn't increase their cash flow from advertising. Their focus with business and enterprise sales has been on services, insofar as there has ever been such a focus at Google.

Would you trust google more than microsoft with your privacy? A google OS sounds more like a fox in the henhouse than a solution to the invasion of privacy.

Point taken. I just assume that Google is harvesting enough personal info through search that they could carve out a space for a private OS. Maybe I'm being naive. Yeah, I'm probably being naive.

I imagine the OS would be open-source, which would probably make it more trustworthy than Windows.

Not saying it'd be completely trustworthy, however...

But at the end of the day, chrome OS or whatever would be a desktop equivalent would just be another flavor of linux. Why chose a distribution managed by a known privacy "predator" over any other distribution then?

Practically, I can't see a reason either. But I imagine it would gain popularity by virtue of the Google brand and marketing.

From what I've seen, Google's desktop Linux systems are just customized LTS Ubuntu images. (Source: visits to Google office) They appeared entirely normal, eg. Unity, Gnome Apps, etc. but I am sure they made some Google-specific changes.

Also, Valve released their Linux distro awhile ago. [1] And Phoronix [2] has some good Windows vs Linux gaming benchmarks. My impression was that they were getting pretty comparable.

[1] http://store.steampowered.com/steamos/ [2] http://www.phoronix.com/

SteamOS has already been released[1], but all they do is add some stuff on Debian. But Steam/Valve does not seem to be too committed to Linux. Their Linux games are often quite buggy[2], and in my experience, support is slow.

[1] http://store.steampowered.com/steamos/buildyourown

[2] https://github.com/ValveSoftware/Dota-2/issues

I see SteamOS as a hedge against Valve's fear that Microsoft will lock down Windows in the same way that Apple has locked down iOS. Rather than a core of their strategy, it's a last-ditch lifeboat in case third-party app stores become verboten.

The reasoning behind this made a lot more sense to me once I started to do a back-of-the-envelope calculation.

There can't have been that many end users who had Windows 10 Pro and went into group policy to turn off the store. So you're looking at small businesses who were using PCs with Win10 Pro on them (likely that came with the PC) that were turning off access to the store but can't any more. The IT admins for these companies are the people Microsoft wants to upsell.

Lets say that there are 500 businesses who care about this feature each with an average of about 20 PCs (probably a high estimate for PCs, low estimate for number of businesses). That's 10000 PCs that Microsoft could potentially convince to upgrade, at (a quick guess based on Google) $120/PC, to Win10 Enterprise, or a potential $1.2M more in revenue that doesn't cannibalize one of their other businesses (assuming more changes to differentiate Pro vs Enterprise). Probably the people who will upgrade are people with factory computers running Win10 Pro.

And for people that don't upgrade, they get to promote their app store. Win-win.

Your small business is already an O365 E3/E5 customer, and Microsoft is tricking your users into signing up for Microsoft accounts ontop of O365 accounts (which creates all sorts of unnecessary sign in complications, like OFTEN having to choose WORK over Personal TWICE in a row.) Now you have all sorts of training issues and confusion when peoples onenote notes end up in their Microsoft account and not their O365 account (oh and their surface eraser only opens the metro app, which doesnt work with 0365 accounts.)

This is a classic example of two divisions who cant get along, both fighting for the same territory.

It becomes painful when you type in your username, to have to wait for it to ask work or personal TWICE, for EVERY SINGLE MICROSOFT APP. Word, onedrive, skype, sharepoint sometimes prompts 3,4,5 times in a row with slightly different interfaces. I shouldnt have to type my O365 password EVERY SINGLE time I open a Microsoft app on iOS (except outlook which only forgets it like once a month)

A new user would get prompted for their password

1) sign into windows

2) activate office

3) sync sharepoint library

4) sync sharepoint library didnt pass the last cred to the app right.

Microsoft's credential management is atrocious for end users. Guess how many times Chrome and Facebook have made me retype my password when logged into my own computer this year.

I've been working on a web app that integrates with Office 365 using OpenID Connect. If someone is signed into their Microsoft account instead of their corporate account, the sign-in process just gives a generic error page with light-grey text explaining the error at the bottom of the page.

I know some of your pain :)

Wow, I'm impressed. Looks like Microsoft managed to an even worse job than Google with managing the duplication of work and personal accounts and integration of that with OAuth.

>So you're looking at small businesses who were using PCs with Win10 Pro on them (likely that came with the PC) that were turning off access to the store but can't any more. The IT admins for these companies are the people Microsoft wants to upsell.

Or you're looking at small businesses (4-80 users) in regulated industries who have remained on Windows 7 and the IT folks who have recommended doing so in large part due to the ongoing concerns with what Microsoft is doing.

As a simple example: regardless of whether it does this or "just disable that (and work out something to ensure that Microsoft doesn't silently turn it back on)," I don't want to have to EVEN BE CONCERNED about the possibility that a local user searching locally for documents containing the words "John Smith neoplasm" has just submitted PII and PHI to Microsoft.

Even better point than mine. This is probably gonna suck for independent medical practices.

> Microsoft has retroactively removed the ability of companies to turn off access to the Windows Store in its Windows 10 Pro version.

Yes but by "upsell" you mean "extort by way of feature removal after the product was purchased".

I suspect that the removal is actually an artifact of them saying that later versions of Windows will be incremental updates to Windows 10. Normally they would just wait until Windows 11 to make the change, but since they can't do that any more, they just roll it out in an update.

Yeah it was a bait-and-switch for small businesses.

Hey, at least they haven't started encrypting hard drives as an upgrade incentive.

Who would have thought that an update policy that allows a corporation to silently update your computer whenever they feel like it would be abused?

So basically, what Microsoft are really doing is forcing admins to block access to the app store through their firewall or proxy. Or setup local workstation's firewall via Group Policy - to block their app store.

Or remove the app store entirely, which is technically possible as it's not an essential part of Windows. (if it is, then I invite them to review the times they were forced to state that Internet Explorer was an essential part of their operating system during anti-trust...)

I don't think they've thought this one through very well.

Microsoft isn't the only guy doing this. I understand enterprise/professional customers have gotten exceptions for years, but for everyone else this is common practice on almost all other platforms. I still think it's a bad practice.

Microsoft is just following the other companies that are winning and somehow doing so without pissing their userbases off. Their main asset, as I see it, are people that cannot or will not switch. So as it is for most companies with a semi-loyal userbase: lock it down before the garden empties too much.

IOS has an appstore, Android has an appstore, Mac has an appstore, Chrome has an appstore, Firefox has an appstore, Ubuntu kind of has an appstore. Firefox, iOS and Chrome don't allow you to install outside of their appstore without running different builds. Android makes it difficult, removing it is even more difficult and you lose half your phone in the process. Sure there's homebrew, f-droid, cydia and chocolatey for hackers, but that's a tiny subset. Windows really wants control like everyone else. The internet has changed a lot since the decentralized software and hardware days Microsoft is used to. Microsoft doesn't get to sell their user metrics, control what users install on their systems or where they're installing from. They don't get to charge uploaders or put fees on downloaders/purchasers. The Windows store is pretty much a flop at this point, but they want it to be the canonical way to install software on Windows like every other platform.

Not a Windows problem really, they just get the negative press that every system should get for trying to force people into a garden. If it gains steam years down the road, I could see them pull a Firefox and lock down external installs without 'approval' for security.

Just a few weeks ago I bought a Microsoft Miracast dongle, OS independent or so it claimed. Only way to configure it was to have a Windows10 computer and download the driver/configuration software from their Appstore. I no longer own it. I really don't think this is an isolated problem though.

Edit: Clarification

I agree, we should be taking everyone to task for this. Nobody cares enough though. It's just inevitable that this is the future. I don't know why. People are just too beat down to raise a fuss? It's too much of an inconvenience? Hard to say, but somehow it's just become how things are.

>iOS ... don't allow you to install outside of their appstore without running different builds

At least companies apparently can create their own appstore for their custom apps: https://developer.apple.com/programs/enterprise/

This is true, but it still costs you 300 dollars a year, uses the same mechanisms the market uses (no loose .ipas) and you have to give lots of trackable info to Apple (company info, devices, apps, update/use metrics). It's all centralized too, so if they change their policy (like go back to the >500 employee rule) or don't like an app you're sharing, you might be in trouble. If Windows can eventually swing even this with their marketplace, I think they'd be ecstatic.

You can uninstall it with an administrative Powershell using this command:

    Get-AppxPackage Microsoft.WindowsStore | Remove-AppxPackage
Would this not continue to work?

Just one more reason for me to avoid Windows whenever possible, for myself and for my companies.

I grant Microsoft today is a much better corporate citizen than it was 15 years ago, and I appreciate that. But a move like this feels very much like the bad old days to me.

Every time they release a new open-source product, everyone jumps up and down saying "look, they've totally changed!"

No, unfortunately they haven't. They're just putting on a new coat of paint. They have improved, sure, but rising one or two levels when you've dug yourself down twenty isn't actually that much of an improvement.

Unlike many comments, I really like this. I think it unthinkable that businesses reduce employee's productivity by locking down their machine. In the days when Microsoft wasn't checking the security of applications, this was understandable. With a managed and secured store, this is security for the sake of security. If you believe you should disable something just for security without examing the value of the feature, why are you letting users access the internet?

Will Microsoft be sending people over to my office free of charge to handle technical issues with regard to their store? Can I send over any questions from auditors and federal regulators concerning user access to their store?

And you think it is Microsoft's place to enforce this?

> With a managed and secured store, this is security for the sake of security.

That attitude is what causes multi-million dollar breaches. It's all right if your customers pay for it tho.

You'd be suprised how restricted some companies' web access is.

How can someone still trust MS ?

They almost made it to trustworthy, but observing GOOG set them straight.

We don't. Time to get off that train wreck of a platform!

There it is. The vindication I was after. I knew I wasnt just crazy for doing everything I could to minimize ms in my ecosystem. Personally, I think rms, gnu, and gplv3 are the way to go. We need to protect user freedoms more than developer freedoms.

It's not users vs. developers, it's users vs. vendors. The devs working for MS are just hired guns doing what they're told in exchange for a paycheck; they're not making decisions like this.

To the user the dev and the vendor is indistinguishable. Also, Nuremberg defenses aren't usually the most solid, but I see what you mean.

While I wouldn't view it from trust and mis-trust, I'd instead argue it's the company culture to act monopolistic. We've seen this hubris bite them in the ass on more than one occasion:

Windows XP -> Windows Vista Windows 7 -> Windows 8 Xbox 360 -> Xbox One

It's endemic in their company, and that won't change unless the company's back is up against a wall (financially).

They should rename it to Windows 10 "Professional" Home Edition

That's actually what it is. Professional is the version for end users, people like you and me, who want to run more than "Home" on their own computers.

Enterprise is for computers owned by your company.

I for one don't find this change very professional. I'd go further and call anything but enterprise 'Windows 10 Ad Supported edition'.

Being able to install software on your own machine is pretty fundamental. If it's not your machine, it shouldn't be running Windows Professional.

Being able to prevent the installation of software is also pretty fundamental. Given that Professional has Group Policy, it's intended to be used within a Windows Domain, and to get a Windows Domain you need a server version of Windows. Which really only businesses purchase.

Yes, professional allows you to attach your own computer to a domain. I guess Microsoft is pretty confident that store apps are sufficiently sandboxed.

This reminds me of the mandatory updates for the cheapest windows 10 version.

In the era of bloated/invasive OSes and arbitrary pricing according to the customer's profile rather than according to the value of the product, you don't pay more for more features.

You pay more for the right to deactivate the unwanted features.

Some day you will have to pay for disabling all the "telemetry" and "unique advertiser ID" stuff. Or maybe that's already the case, I didn't bother checking.

I have historically liked Windows but I shudder what is becoming of it. Every time I turn around lately, Microsoft is taking administrative freedom away from users and businesses.

the criticism here is imo unfounded. MS are exceptionally supportive of developers in my experience, and this feels like part of that.

since blocking access to the store is in fact an enterprise requirement... why not restrict it to the enterprise edition?

... and besides that. how about employers trusting their employees anyway?

this is much less than what other platform holders have done in this respect too... Apple being foremost amongst the worst in this category - and yet still receiving fanboy support to the level of religiosity.

> MS are exceptionally supportive of developers in my experience, and this feels like part of that

That's a reasoning that does not justify the act. "We are friendly to developers" should not translate to "Users, you don't get to control your own computers (as much)".

> how about employers trusting their employees anyway?

Wut? That is a terrible argument, it does nothing to contribute to the discussion – which is about a recent Microsoft act, policy, and behaviour, and instead tries to swerve the discussion away from it into unrelated, unagreeable sociological and human-resource-management points.

> is much less than what other platform holders have done in this respect too

Doesn't excuse Microsoft

> Apple being foremost amongst the worst in this category - and yet still receiving fanboy support

Are they receiving support for a similar action. Support for an unrelated action is inadmissible here, because a corporation can be condemned for one thing and praised for another.

Plus, is it the same people doing both the Apple-praising and the MS-bashing?

>this is much less than what other platform holders have done in this respect too... Apple being foremost amongst the worst in this category - and yet still receiving fanboy support to the level of religiosity.

People just like to hate on MS due to their feelings from the 90's and early 00's imo.

Why even have a Pro version? Just to charge twice as much for BitLocker, which should be default in every Windows version, just like it is on any other operating system?

That's - er - disingenuous.

Gee microsoft ... if only admins knew that there existed firewalls.

Exactly and indeed would be a flaw if Microsoft's own built in firewall for windows ignored the users wishes, as that would be a security oversight in this respect.

No they dont, blocking windows store is one firewall rule.

It has been some time since I've used Windows in a corporate setting, but ISTM that just blocking in the network would lead to a degraded user experience and many more support calls. "When I needed to open this file it opened the program [because why would a user know that's the windows store and not something capable of reading their odd file?] and then it just stopped doing anything!"

So uninstall it. It's still possible :-)



I think its a general rule that anytime you derisively mock someone's name with these snide, "clever" puns--or whatever you want to call them--any argument you could make is ignored.

Agreed. I'd have to say pejorative puns are on-par with scare quotes for signaling lack of substance.

Whereas "me too" filler comments signal something of substance, shame that signal is not a good one.

It was new to me and was worth a wry grin.

You forgot to call them M$; that's how people know to take you seriously.

Good point - we have enough of troutlook, sexchange, internet exploder, and all the other crappy products they hawk.

> internet exploder

You mean the "Chrome/Firefox Install Downloader"? But that's a great product for what is was made for!

Don't forget lookout express.

And their product is Windoze

Maybe for the company. The correct term for the "OS" (or more like glorified program loader, amirite) is, of course, `Mickey$loth WinDOS'.

How many bait and switches will people put up with?

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact