Also for you guys that do this kind of stuff on a small scale like this, do you create policies for the client? It seems like you could cover alot of these in policies that can be used in a cookie cutter fashion to work with other customers.
Handing a manager or ceo a best practice policy and asking for valid reasons for exceptions is a good way to get a good security posture.
Even discussing power management on 5-10 desktops is a complete waste for a business IMO. 24/7 for management purposes is the way to go. Just set them to lock
Is windows an actual requirement? Maybe Chrome OS or Ubuntu would work if all they use are web apps
@Dashrender said in Installing Windows 10 without a Microcoft account:
@IRJ said in Installing Windows 10 without a Microcoft account:
I would be interested to compare a default windows 10 install with Azure's Windows 10 VDI. I wonder how much extra shit is on with standard windows 10 that they wont run on their own hardware
Well - I assume that their VDI is using Windows 10 Enterprise - so it should be the same in their VDI or your personal hardware, at least for the most part.
If you were MS and you were running let's say 100,000 VDIs (probably low number) on your hardware, I would think you would 100% optimize. Not doing so would be foolish and expensive.
I would bet that it isnt just Windows 10 Enterprise, but that is just my best guess based on cost of not doing it.
I would be interested to compare a default windows 10 install with Azure's Windows 10 VDI. I wonder how much extra shit is on with standard windows 10 that they wont run on their own hardware 
Home users suffer the most because usually business class PCs are more powerful than your standard home user. Grandma with a celeron and 4gb of ram is a big time loser with all these "extra" features. Hell she even uses bing because she can't figure out how to search otherwise. She sure as hell has no need for extra bullshit
@PhlipElder said in Installing Windows 10 without a Microcoft account:
@scottalanmiller said in Installing Windows 10 without a Microcoft account:
@Dashrender said in Installing Windows 10 without a Microcoft account:
protect them from what?
Predatory sales tactics. Microsoft is trying to force more services on them.
"Force" ?
Uh, no. No one has to open their wallet to anyone.
If there is value in what Microsoft may be advertising or suggesting once the user logs in then all the power to them. The user opens their wallet and voluntarily pays.
OneDrive personal is free and comes with a built-in encrypted vault now. They bumped the default storage up to 100GB or 75GB which is more than enough for folks to back up their critical stuff.
Most folks will pay the $9 or whatever per month for O365 and get that integration too. Then their OneDrive hits 1TB and they get Microsoft Office.
G00g is crap. Plain and simple. No competition with Microsoft Office and O365. None.
We're working with a number of clients that have the full O365 Single Sign-On (SSO) setup in place and it's sweet. Multi Factor Authentication makes it even better with an app instead of a text. They've got a good thing going there.
I agree Office 365 is great, but it's about the only thing.
What we were actually discussing is how bloated windows 10 seems to be. Why can't the default install be the best for performance. You damn well know people don't use half the features on a base install. Yet stupid shit like cortana is slowing down systems.
@scottalanmiller said in PBS Endo Performance Issues on Windows 10 1903:
@Dashrender said in PBS Endo Performance Issues on Windows 10 1903:
@scottalanmiller said in PBS Endo Performance Issues on Windows 10 1903:
But as no customer of something like PBS Endo would ever care about SMB1 being enabled, or that all security is turned off, it's of no concern to the vendor.
I consider this an overstatement. I'm sure given the choice they would choose a more secure setup.. but it would also depend on the costs differences.
They do have choices, PBS Endo isn't considered generally viable for the industry. It's known to be garbage and there are loads of alternatives. Almost no one uses it because it is so bad. So absolutely everyone uses it is making a very conscious decision to not care about it working well.
The theory that people are stuck with the one software out there essentially never applies. Somewhere, someone faces the "use it or make your own" ultimatum, but in decades of IT, I've never met anyone in the real world with that issue. Not even in really extremely niche industries. Certainly not in massive multi-billion dollar mainstream ones like this.
I would say keeping the software could lead easily lead to a breach is a pretty bad choice. I'd question any CIO who would say SMB v1 is acceptable and we feel confident we cannot be breached.
So it's either that or you ar actively putting your data and PHI at risk. Which could potentially lead to jail time.
How about turning all your dumb shit off by default MS? Then people can turn it on if they want. No need to have all this bullshit on installation.
Turning on SMB v1 is not a good thing 