It's not something I think I should really talk about here, for obvious reasons. But if you know how to use torrents and such, you'll probably know what to do. I don't necessarily recommend it though.

Oh, I nearly forgot one: I think that the new icons for things like the recycle bin, and documents, videos and such are ugly. I think the Windows 7 ones are much nicer.

By default they're sharing an awful lot of information. Most of it s visible without scrolling, which is good. But none of it should be shared by the OS at all. There's just no reason for it. If something needs that kind of permission it should have to ask for it specifically, rather than the OS having it.

The OS is in a position to take all sorts of information without the user's knowledge, so it makes sense that it not be allowed to do any data collection without opting in. With possible exceptions for legitimate crash diagnostics and similar.

Even that probably shouldn't be allowed as there's a ton of confidential information in a crash dump that aren't relevant to the problem.

Thus the incompetent buffoons comment above. The users I had support which couldn't run a script were in the incompetent buffoon category. The users that were not there could do a "paste this into a file, save it as .bat, run it".

My claim is that while MS made it a bit harder to choose what updates to install, the functionality is still there. The script is the easy way to do it, but one can also do it without it. It's similar to saying that the tar.gz that GOG provides cannot be used because they don't create shortcuts, unlike the .deb ones. The functionality is still there, just hidden from most users. If a user really needs to select what updates to install, he will have to do some digging. And my experience has shown that a user that isn't willing to do said digging most likely doesn't need to select what updates to install.

Are the users logging in a local account or a networked one? If local, it is a bit more time consuming to deploy, but if it's networked, you should be able to do it in less than 5 minutes. Group policy is again quite helpful, and you may be able to get away with using logon scripts instead of scheduled tasks.
Do ask if you need help, even if just for the time consuming part of verifying the script and identifying the location it should go.

Here we have people who are good in their field - some of them very good - but who are not tech savvy at all or are afraid enough of breaking something that they won't do anything without me there. I strongly prefer that to whoever installed malware, but it does mean spending more time.

Eh - I still say that MS removing (for a value of remove that means average users can't find it) OS functionality was a mistake, and saying it's OK because we have a script is just going to mean they feel OK with removing more functionality. Also, scripts aren't as reliable in the sense that they aren't as guaranteed - code the script depends on could be changed at any point by the OS devs, for example. OS features tend to be more stable in that sense, which is why I prefer them.

Thank you so much for your offer of help! We're still in the middle of heading off high-level requests this week, but hopefully the week after I'll have time to impose some organization.

Yes, this is potentially a huge security problem, and already definitely a major privacy violation. OSes are in a much more trusted position than a browser and need to respect that.

I didn't read all your posts, but I'll say this:
- normal users aren't already capable of disabling system update or choosing what to get. This new change is just an annoyance for more advanced users, for no real advantage.
- day1 script needed to obtain something that was simple before = crap change.

I'm less concerned about this because I'm running it in a VM for certain Windows only applications, but it seems to me that even if MS doesn't do anything nefarious with the information, that crackers could probably find a way of tapping into it or enabling it for their apps.

One of the big problems with the activation dialogs is that it's only as good as the person's attention and knowledge that's making the decision. And most people aren't paranoid enough to realize what happens when large amounts of data are assembled from numerous smaller sources.

Well at least M$ will get an entry in the guiness book or world records for building the biggest botnet in human history.

You're dead right....

Those so-called I.T. pros that denigrate their user-base like are fucking idiots and should be fired, IMHO.

Everyone has their specialties and things they are good and not good at.

In IT it seem relatively common to find fucktards that think they are oh-so-superior to everyone. They can all go fuck themselves. That man or woman that cannot (or is afraid to) "paste this into a file, save it as .bat, run it" might be an expert on surviving in the the wilderness. I know who I'd rather be with if I need survival - and it's not the fucktard "IT-guy" - I'll tell you.

I ran into this in IT all the time - fucktards that think they are superior to those they support - and always denigrate them. Those fucks either lost that attitude quick or got fired - if I found them on my teams. And if they lost the attitude, I went out of my way to make sure it wasn't just in front of the boss that they lost it.

That attitude of hubris really has no place.

JMO (fire away)

WOW. That is insane.

Day -10 script to be exact, for disabling automatic updates. Registry entry was there from before, build 99xx from what I recall. Script to choose what to install is month -8.

I don't get why you think that rebuts the point? You seem to be missing what both phaolo and I are objecting to.

LOL that kills me.

All those fanbois with their mantra's of "you can opt out / turn off / whatever" <insert convoluted individual one-off procedure for each of a thousand things> and here it is in plain sight they will turn it back on from time to time. And what isn't there today you've already given them permission to change for later.


[edit - typo]

So if the IT is a specialist in the IT field, but a rude person, you will fire him to get a less qualified but more friendly one?

Will said person be expecting you to be able to "Chop wood, build a fire, light it" without you screwing it up? Or would he shake his head and belittle you if you couldn't perform something that simple (and yes, chopping wood and building a fire is simple)?

I do agree. But there is a difference between not knowing how to code, compile and debug a program, and not being able to paste text into a file, save the file, and run it.