Windows 10 Express Spying Settings

The default privacy settings for Windows 10 anger me. Hiding the fact that you will be collecting everything a user types, says, or searches for on the Internet behind a big, obvious “Express Settings” button (which most users are likely to click during the setup process) and providing only a tiny text link to “Customize” these very important choices is just sneaky and wrong. Providing a way to turn all this tracking off is great, but such overt trickery makes me wonder if switching these settings to off really does anything at all. Some users might be happy to hear that Windows 10 offers bitlocker disk encryption, but at least in the Home version your private key gets uploaded to a Microsoft server which pretty much makes using it a non-starter for me.

windows10_setup

If you’re one of the folks who need to use this operating system, you can find out what privacy settings Microsoft makes available to you by reviewing the stories linked below but understand that with every update these options may (and likely will) change. There is no guarantee that any of these settings will actually do what you might expect them to do because with any closed source, proprietary software there is no way for a third party to audit the code directly. All that a concerned person can do is poke around with network tools and infer.

Windows 7 updates stuck

If you have older machines that are running Windows 7 you may have run into an issue where Windows Update gets stuck at the Preparing to install screen (seemingly forever). I’ve been able to get past this issue just by stopping the Windows update service, then applying the “July 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1” (see KB 3172605 below) though its possible thats because I already have applied a bunch of other patches so your mileage may vary. Also, it appears this may cause some issues with bluetooth so be aware of that if you use BT (my machines do not). There is a good article about the issue on InfoWorld by Woody Leonhard from back at the end of July.

KB 3172605
https://support.microsoft.com/en-us/kb/3172605

Removal of F8 a good example of why I hate Windows

Caveats

I don’t use Microsoft Windows at home. I did at one time – I ran Win3.1 and 3.11, Win95, Win98, Win98SE, WinNT4, WinXP, and still use Windows Server and Win7 on occassion at work, but in 1997 I switched over at home to running Linux, then in 2001 switched to OSX, then FreeBSD briefly, and then back to Linux for all of my machines. So for personal use I really haven’t used Windows exclusively since WinXP, even my desktop at work runs Linux and while I do use a Win7 laptop for work purposes on occasion, I’m routinely frustrated by its shortcomings. Also, lets be clear that Windows 10 is really just Windows 8.1 which is really just Windows 8, which is really just Windows 7, etc…

Between my personal choices and running a corporate network, I haven’t had to deal with Windows 8 or 10 very much. Windows 8 died out of the gate and Windows 10 is different enough that some older softwares aren’t supported on it. The version of the ERP system we use to run most of the business functions does not support Win10 and since upgrading the ERP system to a version that is supported is not budgeted for at this time and would be massively expensive, almost all of our machines are still running Win7. I would bet many businesses are in a similar situation. Upgrading all the machines we own to Win10 will be a massive undertaking even if the upgrade is free (our desktops are Pro not Enterprise). Even if we didn’t run into any software problems during an upgrade (the ERP system is just one of the many quirky programs used at the facility) there would certainly be a re-training period for users which is also a cost.

Reality is, I’m going to have to deal with it

However, now that its getting difficult to buy new machines with anything other than Win10, Microsoft has made some inroads on our network even if we have no desire to move to this new version of their OS. A sales person who needs a new laptop ends up with Win10, an engineer who needs the latest and greatest gets Win10, a desktop machine which only needs remote desktop access to the ERP dies and gets replaced with a Win10 machine… and there is always the “threat” hanging over us that at any time Microsoft might decide to push the upgrade out to domain users through some Windows update change and we’ll be left with users in production with critical apps not functioning properly.

I have to admit that I personally really do not like what I’ve seen of Win10 so far at all – its basically Win7 with an ugly interface slapped on to replace the start menu but the real security nightmare which is Win10 should scare the hell out of anybody who values privacy. By default, every single thing you type and every website you visit are sent to Microsoft (and thus, available by the government) and whoever happens to hack into the servers storing that information. But the worst thing (to me) is that even though most of the underlying Win7 is still available in Win10, it has been hidden and obfuscated, seemingly for no reason. Simple things that have worked since 1996 in Windows no longer work as they always have done, and now I have to waste time re-finding these things, and remembering both (in order to support both).

Dealing with problems

In Linux the GUI (graphical user interface) is something obviously separate from the operating system. If a problem occurs in the GUI you can almost always get to a command prompt to attempt a fix, a lot of the times without requiring a reboot. In Windows, there really is no longer any underlying command line mode – the command prompt provided in Windows since WinNT is no longer the underlying DOS of old, it is an emulated DOS running on top of Windows so the only way to interact with the OS is via a GUI. If your GUI fails, you have to rely on Microsoft’s Repair mode which, for most users means booting from the Windows installation media (still have that disk?) since almost no one has bothered to install these tools to the hard drive. Also, this is pretty heavy handed stuff and probably beyond most casual users to attempt.

When running into a problem, before resorting to Repair Mode most of us would try to boot Windows into “Safe Mode” which boots a stripped down version of Windows, bypassing third party drivers. A lot of times its a driver that is the problem anyway. Anyone who has had to troubleshoot Windows over the years is familiar with hitting F8 at boot and selecting “Safe Mode” or “Safe Mode with Networking”.

Using F8 to get into Safe Mode

In order to make Windows boot faster, Microsoft introduced a new boot loader in Windows 8. In so doing, they removed the F8 option to boot into “Safe Mode” The problem is that all of the methods Microsoft provides for you to get into “Safe Mode” now assume that your machine has booted up. One way is to run msconfig and check the box for safe mode and reboot.

This method is of no use if I can’t boot Windows.

Here’s another method (compare these steps to hitting F8 at boot time):

click Windows (or Win key)
hold down shift
mouse over Shut down to get flyout menu
click restart
Restarts to Advanced Configuration menu
click Troubleshoot
click Advanced Options
click Startup Settings
choose Safe Mode

So a bunch of steps, and of course doesn’t work if you weren’t able to boot up to begin with!

There is a way to restore F8 functionality at boot, but again, you’ve got to set this up before you need it or you will end up using Repair:
bcdedit /set {default} bootmenupolicy legacy

So as a network admin, thats an option we’ll want to push out via a login script to Win10 boxes I should think. No idea if thats going to work or if there are any gotchas with it. I’m more interested in just moving all users to remote desktop so the client OS doesn’t matter at all – in fact, they could all just run Linux.

My argument

In their rush to build a great consumer OS, Microsoft seems to be making it more difficult for their biggest install base – corporate domains. This is just one example among many of a change that was made to make the OS experience “better” for an end-user while simultaneously making it harder for support folks to keep it running. If it wasn’t so prone to failure (and usually at the worst times), I wouldn’t care so much about these little things – but inexplicable failure of Windows is almost a guaranteed eventual outcome. I could write a column about these things every week and have something different to harp about for a whole year!

Maybe next time we can discuss “User Profile Service Failed the Login” a type of failure that has been happening in Windows since forever, (this morning I had it happen to a Win10 user on another domain in another state) and yet it seems to keep happening in every great new version of Windows!

My first Vista experience

My company hasn’t embraced Vista. We have been ordering Windows XP “downgrades” for months and staving off the inevitable as long as possible. Today I received in a machine that I needed to set up for engineering, and it came in with Visa Business. A mistake, but I figured as long as I had it here, I might as well mess around with it. So far I am not very impressed. There hasn’t been any crashing to speak of, so that much is good news, but annoyances abound, and many of the things I hated about XP are still there.
Continue reading “My first Vista experience”