Slashdot Mirror
Microsoft No Longer Allows Admins To Block Windows Store Access In Windows 10 Pro (zdnet.com)
If you're an administrator, you will no longer be able to block Windows 10 Pro users on your watch from accessing the Windows Store. Mary Jo Foley reports for ZDNet: Up until a month ago, admins could use Group Policy to shut off employees' access to Windows Store if they were running Windows 10 Pro. Controlling this access is a requirement for some businesses. But last month, Microsoft changed that option, claiming that Store access was required for all versions of Windows 10 except Enterprise and Education "by design." Admins still can use AppLocker or Group Policy to block access to the Windows Store if their employees (or students) are running Enterprise or Education.
This company SUCKS.
You don't own your computer. redmond does.
Microsoft, can you please stop f**king up? You had one job.
This time, I can actually believe it.
There is a reason now to switch.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Why are they continuing to aggressively push invasive, paternalistic, and generally super-assholey "features" that make me never want to go back to a Microsoft OS?
Nothing posted to
a so called "pro" user, who by his own choice, buys windows(or any m$ product), or needs it to do anything, or depends on it for anything, is no pro user, but an rank uninformed idiot.
same btw goes for anyone buying, needing, or depending, in any apple product.
There's probably technical reasons for this but I am sure they also don't mind the ability to get greater visibility of the store and additional revenue.
...who the customer is.
Cheers, Glen
I give it one month tops before enough companies complain and they change it back.
This is the kind of thing we need to get around attempts to censor the internet and break down national firewalls.
Since the number of good apps in store is next to nothing, employees will have nothing to find to distract them.
Forced "upgrades", removing features after the fact, spyware you can't disable.
Please Microsoft, keep pissing off users and administrators. Soon since everything will be "in the cloud" and all apps will be web based we won't have a reason to use your shitty OS anymore.
Great, so when Janice from Accounting downloads some spyware laden app she thought was angry birds, some North Korean hacker will be able to steal all the data again.
Candy Crush Pro Business
I've been using Windows 7 for a long time and i haven't seen much of a compelling reason to upgrade to 10. I mostly use my computer for gaming so i'm worried about the the future of gaming on a windows 7 machine.
Anyone on here have any advice for me? Is it worth the upgrade? I'm really comfortable using Win 7 and I basically hate change.
Does it add anything over 7 and if I do upgrade is it possible to make it look similar to windows 7 because I don't like the touchscreen square icons for a desktop.
Thanks in advance.
It think it's pretty clear that Microsoft intends Pro to be business-ish sku that comes bundled with devices. This means full Microsoft experience, latest branch.
Enterprise is volume license only, which is what you'll be using in an enterprise environment anyway. Enterprise gives you access to LTSB - which is what you want really. It's basically windows 7 '15 - Windows 10 without the app store, new windows experience environment, and all the bells and whistles like branch cache, applocker, etc. That and major feature upgrades are on a slower track.
If you also have not noticed, Microsoft is changing a big practiced they abandoned a long time ago. Version numbers. At some point they dropped version numbers and it's been a huge clusterfuck ever since. It's hard to distribute patches and updates when your target is an amorphous blob of parts that may or may not be on a specific revision. The "Major feature upgrades" mentioned above are really version numbers. Microsoft wants a consistent target and Pro is part of that. That means no disabling the app store for you.
For more information see the "Windows 10 November update" aka windows 10 version 1550. http://windows.microsoft.com/en-us/windows-10/windows-update-faq
This pretty much means, though, that if you're a small outfit getting MS software bundled or retail.. Microsoft is telling you to fuck off and deal with it.
That's different than past expectations, sure, but Microsoft thinks this is their path forward.. And I don't blame them. If you want a special version of windows to cater to your needs (Enterprise) you pay for it.
I'm not your normal /. "#$%! Microsoft" kinda guy. I've been an MS guy my whole life, only dabbling in other OSs briefly.
Often you see people (here) chanting about #@$%^ Microsoft or "are you surprised" or any other snarky remark, I traditionally dismiss these as the extreme tinfoil people who would hate whatever they do, regardless.
That being said, Microsofts moves with Windows 10 have gone from "hmm ok that's questionable, but I can see past it" and "this looks desperate, it's kinda shitty, but oh well" and "well that's definitely dumb, but I'm sure some great nerd will hack up an awesome all-in-one little 'fixit' tool for Windows 10 to take out all the crap"
It's now at a point where it's outright sounding BAD. Like proper, bad. The things they keep doing are worse and worse, more and more intrusive. I thought the pushy installer was rough but ok, once it's on, they aren't going to abuse it too much, they are getting their data, from most people who aren't clever enough to turn stuff off.
Nope! It's getting SO bad, I'm really thinking of sticking with 7 as long as humanly possible. Maybe I really will end up a Mac guy after all, or something?
Super unimpressed at this point.
This is just plain, marketing junk mail on your desktop. Do you really want to entrust your confidential and private information to people who can at a turn of a registry key stop or limit your access? They have no moral compunction to give you are rights whatsoever.
By design? Well if you can do it in enterprise and can't do it in pro, then that proves that windows doesn't require it.
Yes, blame Microsoft. They don't have to do this just because Apple did.
Do they limit your ability in any way to not use it or stop it?
How about pencil users?
You Know not everyone write web pages for a living.
And No I do not want to hear about hard to install and use Open source Alternatives.
I am still Pissed at the train wreak GCC error checking is.
Don't ignore errors quietly!
Administrators control the network between Microsoft's servers and end user workstations. This will simply turn into another example of "They think they're going to dictate what, again?" where Microsoft's store app on the PC finds itself unable to talk to anything back at the mother ship due to firewall or URL restrictions.
Linux has no Linux Store. I need to be protected by the garden walls. I need to feel safe. I need to be loved. Microsoft provides me with all these.
Even worse, Microsoft is still pushing its crappy closed MOOXML format and supports the only open format, ODF, barely at all, or even not at all in Microsoft 365.
was that Microsoft would become arrogant with their customers and suffer the same downfall that IBM did.
IBM has since gone thru rehab and recovery.
Looks like Microsoft can't help themselves and needs an intervention.
I'm surprised the investment community stands for the current attitude.
Sorry but it's a royal PITA to have to contend with Candy Crush, XBox and misc stupid shit in Win10 on a corporate environment. Still fucking hate 10.. >:(
If you're an administrator, you will no longer be able to block Windows 10 Pro users on your watch from accessing the Windows Store.
Works just fine with some firewall rules on the core router in the office.
Do not look at laser with remaining good eye.
What competent windows administrator hasn't already blocked the telemetry, live tile, and play store IP addresses at the corporate firewall already?
This is a dick move for sure by microsoft (not that apple didn't do this years ago), but seriously folks... Maybe for certain elements you use the domain policy to disable features and whatnot, but blocking access to other computers is EXACTLY why we have firewalls.
I'm not a very good windows admin, just a programmer for a small consulting company. And the very FIRST thing we did after installing a test Windows 10 box on a isolated test network is determine all the IP addresses to block, and which ones to not block to let update and search still work.
'cause it definitely looks so. Why does Microsoft ruin the whatever small goodwill they managed to acquire in the last few years?
Just as I am getting tempted to try windows again for my next P.C build, I read stories like this.
It is not that this would necessary affect me in a negative way either - I just don't want to support a product that (overtly) treats me more like a commodity than anything else.
Thankfully delivered from evil.
. .
Yeah.... I actually don't know their problem. I stick with Win7 untill 2020. Then it's all Linux or BSD here. Ubuntu Mate or elementary OS seems like nice candidates as well as PC-BSD.
Don't trust policy settings. Drop those packets instead.
It will at least work until updates have to come from their marketing site.
Just register as a small business with Microsoft and pay more for enterprise licenses.
Everyone's happy!
There is not a single Windows store app on my machine, and that includes the store itself.
FUCK MICROSOFT!! (*somebody* had to say it.. the fanbois never will...)
THANK YOU, Edward Snowden!! Americans owe you a debt of gratitude (whether they know it or not..)
This should piss off all the sysadmins that keep pushing windows/Microsoft infrastructure down our throats at work.
1) proxy block to app store
2) hosts file entries to block app store access
While this is pretty lame and scummy of MS.. the vast majority of companies use Enterprise anyways.. so its really a non-issue. And i cant imagine there wont be a reg hack out within about 15 minutes of the release that circumvents this.. so meh...
Migrate to a different OS that allows you to tweak everything and do proper user and rights management. For legacy related software use, create a walled garden and tell people insisting they can't use anything but windows that perhaps they should be looking for a new job.
MS, ALS, Aphasia ? http://globability.org - Me http://einarpetersen.com
Given how often the store crashes on Windows 10 right now a good portion of Windows user can't access it anyway.
Did you know 80 to 90% of the moderators on slashdot wouldn't recognize a troll even if one dragged them under a bridge.
It's not just that they make horrible technical and UI decisions. Now it's also apparent that they make them for reasons which are openly hostile towards their customers. That company has lost it. Their inertia buys them lots of time, but I have no faith that they'll turn around.
Blocked at the network level. MS wants to have it pitch a fit then? That should make an interesting lawsuit, especially since there is no technical need.
Any sane admin uses wsus and blocks ALL network access and whitelists business needs.
Microsoft is not a business need for our users.
If it weren't for games...
Yep, systemd is a bummer. Them EEE tactics. But Gentoo and Slackware have not succumbed. Currently trying out Void Linux.
The alternative is using Policy CSP (which has a WMI Bridge so you can set it using oldfashioned WMI) to configure "Store for Business" access to "Private Store Only". This doesn't disable the app, but restricts your users to only be able to use the "Store for Business". If you don't have one, then the Store app will be empty.
One of the actual technical reason MS wants the Store app itself enabled is that if it's disabled, then some of the built-in Windows apps can't get updates. The Store app itself functions like a Windows Update Agent for APPX apps, and a lot of Windows 10's builtin functionality is actually an APPX app underneath. By leaving the app enabled but restricting access to Private Only, you still keep this functionality but also keep your users from doing stuff you don't want.
This company SUCKS.
The company is good. For its target market. Which is now enterprise. Microsoft doesn't care much about the home user except as a branding tool. This is a step beyond that, symptoms that they care less about the small business market as they focus more and more on enterprise and fortune 500 type partners. At this rate, in fifteen years, they're going to be another IBM.
For me Windows Store got blocked when I disabled UAC. I wonder if that will still be the case. If I can't disable UAC, Windows is dead.
Windows 10 is designed as the final version of Windows, and Microsoft are working hard to ensure it.
so everyone can browse a software repository - what's the big fucking deal ?
You can still limit installing new software only to administrators.
You sound like Dave420 saying "don't blame the Muslims for terrorism, the Christians did it first in the Crusades"
There is a reason now to switch.
That's exactly what people said when Windows XP came out and Microsoft introduced the "activation" process that's required.
And many did switch, and they did with Win Vista, and many are switching today because of Win10. However, this is not the YOLOD which will never happen, thank goodness. The YOLOD would be like the Eternal September on the Internet.
* YOLOD : Year of Linux on Desktops - can't we make this acronym official?
Didn't they try this stunt with IE - stating that it was required for the OS to run properly? And weren't they shot down hard by the European courts?
Access to an application store should not be required for an operating system to run. Actually access to the internet shouldn't be required at all. If your OS can't run without checking home then your OS doesn't belong in the enterprise much less in the wild.
I agree with other posters that they will attempt to quietly roll back this change when enterprise customers tell them that they're not going to upgrade and start looking for alternatives. I can see the US government putting out a statement that they won't be upgrading due to security concerns and that will start the ball rolling.
If they put out a special edition for 'secure installations' then they'll have invalidated their whole spiel for making it necessary in the first place.
It goes beyond the arrogance of trying to force the upgrade down the user's throats now. They've done something that will enrage their core business - the enterprise. Really great marketing move there.
Just another reason to switch to linux on the desktop.
As someone who has been deploying Windows 8.1 for a while, it's pretty easy to remove apps you don't want from your system images. You can even do it on a running system:
I'm still using 7 Pro on personal & company-issued laptops. I have no experience with 10. Could I use local (machine)or home router based firewall rules to block specific updates?
The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
powershell -> Remove-AppXPackage Microsoft.WindowsStore_.... still works for me. Of course they'll patch it but the community at large will come up with a mechanism, just like Office Cloud Upload which is #AAF
Harrison's Postulate - "For every action there is an equal and opposite criticism"
If it can be done Enterprise or Education editions, why can't those registry entries just be incorporated into other editions?
Can't you just block it through the firewall?
The Enterprise editions of Windows have only been available with Software Assurance, which is a subscription-like add-on to standard Windows licenses.
Acquiring SA grants access to additional support, enterprise tools, and some additional use rights. There is a cost-avoidance consideration since licenses with SA are upgraded to new versions of Windows (provided the SA is maintained through the date the new version is released).
Many enterprises---including my employer---bought SA on its own merits because the program benefits were worth it. However, some companies have decided that SA is not worth the price.
This move pushes businesses who need to disable access to the Windows Store to buy SA. Any admin can easily add/remove the Store feature from the OS, so if you are required to block it then you now need to pay for it.
Only Home and Professional editions are eligible for the free upgrade to Windows 10, so this ensures that businesses will be paying one way or another---enterprise customers will have to pay for the upgrade even if Microsoft decides to offer Enterprise without SA.
This is 100% about soaking enterprise customers for more money. If it happens to inconvenience some home users, well, that's just too bad.
---
According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
When you buy into a monopolists product you deserve this kind of shit. It takes a little bit of effort to avoid such products, but at least your in control, or have more control. I don't feel sympathy for Microsoft Windows users because 99% of the time they use poor excuses like "my work requires it" or "my job demands proprietary application x that only runs on Microsoft Windows". Take some responsibility already. The reason these proprietary applications succeeded in the market place and your now bound to them is because you bought into them in the first place. It's your own undoing. I've started and run two small companies since 2008 and never touched a Microsoft Windows PC.
Windows Store is defective by design in an enterprise environment. EVERY user download the same provisioned apps all over again in the domain, therefore consuming tons of space and bandwidth. And now as an admin i can't even block the store in our group policy? I will stop deployment to Windows 10 in our company unless this stupid decision is reversed
Open Source Java Web Forum with LDAP authentication
Home users don't care about group policy
Unless they're users of Google Chrome on Windows who want to use a particular Chrome app or Chrome extension that Google has not approved. The official solution from Google to use extensions or apps not available from the Chrome Web Store is to use Group Policy to whitelist particular extensions. But this doesn't work on Home, which is missing the Group Policy Editor. Chrome does have a developer mode, but extensions installed in developer mode disappear when Chrome is restarted.
Global Mother Fucking Spyware
Learn to compute. Use Linux. distrowatch.com Windows has always been a piece of shit OS.
Small companies should use Microsoft for updates and software distribution so Pro is fine and store access isn't an issue. Large companies should use Enterprise exclusively. No exceptions. Updates and software distribution should be done via System Center or a similar solution where IT is controlling this. Enterprise users don't really need store access. It's a non-issue really.
There is always the possibility that you may have an edge case with your hardware that may cause you issues.
The current batch of 10 inch laptops, which are really 10 inch tablets with an included keyboard dock, are more likely to be edge cases because Intel refuses to fix bugs related to their Atom Bay Trail CPUs. The ASUS Transformer Book T100TA has a bunch of stuff missing, broken, or needing a proprietary driver that the Debian project cannot distribute. As of today, this includes suspend (broken), hibernation (broken), backlight power level (no driver exists), Bluetooth (broken), Wi-Fi (no free firmware exists), sound (no free firmware exists; no firmware at all exists for Linux 4.5 and later), and camera (no driver exists).
I smell a Class Action Law Suit in waiting...
They will never stop you from loading non-app store apps on Windows. They will however stop supporting Win32 APIs, as focus shifts to UWP. UWP is getting new features first, and eventually Win32 (and Win32 development) will be suffocated. This is how they kill Steam (or at least your Win32 steam library, putting them on equal footing), this is how they have DRM top to bottom for Hollywood, this is how they get you in a walled garden.
Twinstiq, game news