Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Microsoft Operating Systems Windows

Microsoft No Longer Allows Admins To Block Windows Store Access In Windows 10 Pro (zdnet.com) 407

If you're an administrator, you will no longer be able to block Windows 10 Pro users on your watch from accessing the Windows Store. Mary Jo Foley reports for ZDNet: Up until a month ago, admins could use Group Policy to shut off employees' access to Windows Store if they were running Windows 10 Pro. Controlling this access is a requirement for some businesses. But last month, Microsoft changed that option, claiming that Store access was required for all versions of Windows 10 except Enterprise and Education "by design." Admins still can use AppLocker or Group Policy to block access to the Windows Store if their employees (or students) are running Enterprise or Education.
This discussion has been archived. No new comments can be posted.

Microsoft No Longer Allows Admins To Block Windows Store Access In Windows 10 Pro

Comments Filter:
  • God (Score:5, Insightful)

    by Anonymous Coward on Thursday May 05, 2016 @06:22PM (#52057215)

    This company SUCKS.

  • Par for the course (Score:5, Insightful)

    by Anonymous Coward on Thursday May 05, 2016 @06:24PM (#52057225)

    You don't own your computer. redmond does.

    • by ChromeAeonium ( 1026952 ) on Thursday May 05, 2016 @07:08PM (#52057501)

      This is increasingly apparent. My computer constantly bugs me about installing something I don't want, and I keep hearing stories of people whose computers decide to update anyway without their explicit permission, and of people who try to revert after the upgrade but have problems doing so. I paid for Windows 8. I don't really care for it, I preferred the last version, I liked the Start menu is much more useful than whatever the hell I've got now is called, but that's what I've got on my machine, and if it is really my machine, than I get the choice to do what I want, how I want, when I want, and if I want. Microsoft it seems does not appear to agree with that and can't take no for an answer. I don't care if Windows 10 is the best thing ever; it's my property and my choice.

      I've for years been one of those uncommon people who has had experience and done work on Mac and Linux systems but still preferred Windows. Next computer I get, and I'll likely be in that market soon, I do not think I will get a Windows machine. This is too much humbug, and I don't like where Microsoft is taking things. If this story is accurate, this is more of Microsoft trying to control what should be under your sole command and ownership, and that's not acceptable.

      • This also won't apply to you, because TFA is about blocking access to the App Store using Group Policies, which means a AD Domain connected device, not your home PC.

        Everything else you wrote I entirely agree with, if I didn't use Photoshop and Lightroom so much I'd install Linuxmint on my main desktop right now.

        • Depending on what you need it to do I have Photoshop CS2 working perfectly under wine on Linux Mint. I haven't tried Lightroom though

          • by SeaFox ( 739806 )

            Thanks for the info. Like the (great) grandparent poster I'm also in a position where I will be moving away from Windows for my next machine, but I was in the conundrum of 1) I like building my own computers vs. 2) I want to be able to keep using Photoshop.

            Was looking I was going to have to just get a Mac and give up the home-built hobby, but this gives me hope.

            • Depending on how much you use photoshop you may find dual booting is the way to go. I have been using Mint as my primary OS for about 4 years now and love it. However there are still a number of games that are windows only. Rather than fight with it I dual boot into windows, play my game and boot out again. The reason why I boot back out to mint though is I prefer the desktop environment, the file manager, natural support for NFS, multidesktops and the easy scripting capabilities.

              I get away using Libre

        • by arth1 ( 260657 )

          This also won't apply to you, because TFA is about blocking access to the App Store using Group Policies, which means a AD Domain connected device, not your home PC.

          Unless you have a Windows Home Server, a Samba 4 server, or other active domain controller at home, of course.

      • by inode_buddha ( 576844 ) on Thursday May 05, 2016 @09:06PM (#52058083) Journal

        " If this story is accurate, this is more of Microsoft trying to control what should be under your sole command and ownership, and that's not acceptable."

        I switched to linux full-time in 1997 (same year I started hanging out here) and this is the EXACT reason why. Their whole business model and philosophy just pissed me off no end when it shows in their products and marketplace behavior. Still going strong with slackware on the desktop, every day.

    • by donaldm ( 919619 )

      You don't own your computer. redmond does.

      I am fairly sure that this type of thing is really going to annoy business managers since if you want to have a server updated you have to go through Q&A on all potential updates with a change request being raised and approved. This is nothing unusual in many business and any system admin who allows updates to be installed on a machine without written permission is likely to be shown the door.

      Obviously this is different for an employees computer, however some firms do want some control over what is i

    • by Trax3001BBS ( 2368736 ) on Friday May 06, 2016 @05:11AM (#52059321) Homepage Journal

      You don't own your computer. redmond does.

      I can name the date we lost control, April 4th, 2015. The update KB3035583 was listed as only to make converting to Win10 easier, more of a description has been added to it since

      For seven days my HOSTS file blocked a 600K file collected over a 24 hour time from being to sent to a third party. Every malware protection on the market let it pass.

      The captured material which in my case starts:

      C:\Program Files (x86)\Opera15\28.0.1750.48\osmesa.dll 2,950.00 KB 4/3/2015 4:16:32 PM
      C:\Windows\Temp\CProgram Files (x86)Opera15\installing\osmesa.dll 2,950.00 KB 4/3/2015 4:16:32 PM

      Goes on for 4000 more lines ending in

      C:\Users\Tone\AppData\Local\Mozilla\Firefox\Profiles\4msw7c4t.default\thumbnails\cdd6f9ceb15e02a0a36b6164ce79484e.png 2.00 KB 4/4/2015 11:48:49 PM
      FFFFF

      Just today in the event viewer I found error entries saying GWX can't negotiate it's action (I've long ago deleted the X:windows/GWX directory).

      When I found it, it had three more config.cfg files so wasn't done, it was the file responsible for installing the icon that let one download and installed Win10 for one; and viewing the GWX errors in the event viewer shows it's not done.

      GWX is a pet peeve of mine. While I warned of GWX, the question I was always asked was how come I was the only person in the world to have this so called collected file, and the thread pretty much over, hey I tried. I was regulated to /.'s journal for some badly written attempts.

      Because of it none saw why a hosts file is ones main defense from malware and the more one builds on it (hosts file) the better it becomes; and their loss.

      • by pla ( 258480 ) on Friday May 06, 2016 @07:32AM (#52059725) Journal
        Because of it none saw why a hosts file is ones main defense from malware and the more one builds on it (hosts file) the better it becomes; and their loss.

        Microsoft (and malware authors) can - and have [slashdot.org] - simply rolled their own DNS clients to get around hosts-based blocking.

        If you trust any solution running on the same machine as the malware itself (whether that means a cryptolocker or GWX), you will eventually lose.
  • Or goodness... (Score:3, Insightful)

    by Anonymous Coward on Thursday May 05, 2016 @06:28PM (#52057243)

    Microsoft, can you please stop f**king up? You had one job.

  • by Opportunist ( 166417 ) on Thursday May 05, 2016 @06:31PM (#52057251)

    This time, I can actually believe it.

    There is a reason now to switch.

    • one word, though:

      MSoffice

      that, alone, keeps corp america locked to windows.

      pretty much that.

      • by houghi ( 78078 )

        I would narrow that down to Excel.

        • by PCM2 ( 4486 )

          I would narrow that down to PowerPoint.

          FTFY.

          • by dbIII ( 701233 )
            The web should have killed that piece of shit slideshow crap dead yet it still lives and spreads.
            • by epyT-R ( 613989 )

              well, yeah, except that powerpoint:

              1. saves self contained presentations that will run on anything that can run powerpoint. This is a big deal when it comes to media.
              2. local storage. presenters don't want to look bad if half the presentation fails because of some scripting error on a remote host somewhere
              3. has hardware/gpu acceleration for animations and vector art. sure, web 2.0 does a lot of this too, but it's at the mercy of the browser, revision, and the os it's running on, and each company has diffe

              • by serbanp ( 139486 )

                yes, but PDF can do all these and much, much better than PowerPoint. Probably the only appeal of PowerPoint is the ability to copy-paste snippets from other MSOffice tools.

          • by dysmal ( 3361085 )

            Those who have no point, use PowerPoint.

      • one word, though:

        MSoffice

        Until they hear about Wine or Crossover. MS Office seems to have high compatibility ratings on Crossover. [codeweavers.com]

        • For the little that I need to do with it Office 365 seems to work great on my Mint desktop wtih the Chromium browser.... as usual, your experience may vary

  • by flopsquad ( 3518045 ) on Thursday May 05, 2016 @06:31PM (#52057255)
    Why are they continuing to aggressively push invasive, paternalistic, and generally super-assholey "features" that make me never want to go back to a Microsoft OS?
    • by turkeydance ( 1266624 ) on Thursday May 05, 2016 @06:36PM (#52057269)
      me, too. 95 to XP to 7. nothing in-between. i'll stay 7 and wait.
    • by TheGratefulNet ( 143330 ) on Thursday May 05, 2016 @06:38PM (#52057297)

      MS realized that corp america will be stuck with them for still quite a while. home users user whatever comes installed; they mostly are just sheep and do what they are told. we are a tiny tiny exception. and beyond that, mac people are their own strange kind that will never consider using windows (most hate linux, too).

      MS can do whatever it wants and it will still have business' loyalty.

      the key was entrenching Word format and getting it so complicated that it simply cannot be made interoperable with free alternatives.

      when all your docs are locked to MS formats, you know the result. you have no choice anymore.

      MS stopped trying to get us to CHOOSE windows. they now have decided to say 'fuck it' and just force whatever they want on people and with win10, they remove all your choices. little by little, the frog is slowly cooked and users are having all their choices taken away, for rejecting updates and for setting policies on their own.

      you and I will reject windows, but again, we are not big enough ($$) to even register on the pocket-change o-meter that MS has. MS is kept alive by business licenses and the home stuff is just to keep you 'trained' on using windows so that business will continue to think that their userbase needs to continue with that same old os.

    • by mhkohne ( 3854 ) on Thursday May 05, 2016 @06:47PM (#52057369) Homepage

      Because renting you stuff and getting a steady revenue stream is a WAY better business model than trying to get you to buy a new version every few years.

      The truth is that selling the OS & Office the way they have been is a sucky way to make money - you have to put out a bunch of cash making the new version, then hope you can con enough suckers into buying it to make your money back at the end. Much better to sell monthly subscriptions to Office 365 through your controlled App store. Plus, you can charge a fee to let other people sell through your app store.

      I'm waiting for the day that they try to block non-app store installs.

      • by KlomDark ( 6370 )

        > I'm waiting for the day that they try to block non-app store installs.

        Ugh, you are probably right.

        Is there any good open-source memory-managed languages out there with a solid IDE to use. Sorry, I am way too many years down the C# path to just easily jump to C/C++, I hate dealing with memory issues. I'm spoiled, I don't want to think about allocating and deallocating memory, and even worse, memory leaks. I just want to build new software and get things done. I don't wanna do Java, another corporate lan

    • by jtownatpunk.net ( 245670 ) on Thursday May 05, 2016 @07:30PM (#52057635)

      I miss Windows 2000.

  • There's probably technical reasons for this but I am sure they also don't mind the ability to get greater visibility of the store and additional revenue.
    • Re:I am guessing (Score:5, Insightful)

      by rudy_wayne ( 414635 ) on Thursday May 05, 2016 @06:49PM (#52057381)

      There's probably technical reasons for this

      No, there isn't.

      additional revenue.

      The *ONLY* reason it's being done.

    • I imagine even if you don't install apps from the store, the store still has all of the deployment and patching code built into it that's necessary to install an AppX.

    • Yes. Enterprise edition which is alot more expensive has the gpo support to block it. Go buy the enterprise will make them more money and app store for not. MS wins either way. On Neowin
      Net there are lots of folks defending it saying if you have more than 20 employees you should pay for a $100,000 license and audit rights anyway. Jeesh

      • Honestly, I can't imagine why would defend what Microsoft is doing with windows 10 at this point. You gotta imagine they're either trolls or work for ms. ... but no, apparently some people are happy being owned by ms
  • ...who the customer is.
  • Since the number of good apps in store is next to nothing, employees will have nothing to find to distract them.
  • Forced "upgrades", removing features after the fact, spyware you can't disable.

    Please Microsoft, keep pissing off users and administrators. Soon since everything will be "in the cloud" and all apps will be web based we won't have a reason to use your shitty OS anymore.

  • by Anonymous Coward on Thursday May 05, 2016 @06:42PM (#52057329)

    Candy Crush Pro Business

  • by AbRASiON ( 589899 ) * on Thursday May 05, 2016 @06:46PM (#52057361) Journal

    I'm not your normal /. "#$%! Microsoft" kinda guy. I've been an MS guy my whole life, only dabbling in other OSs briefly.

    Often you see people (here) chanting about #@$%^ Microsoft or "are you surprised" or any other snarky remark, I traditionally dismiss these as the extreme tinfoil people who would hate whatever they do, regardless.

    That being said, Microsofts moves with Windows 10 have gone from "hmm ok that's questionable, but I can see past it" and "this looks desperate, it's kinda shitty, but oh well" and "well that's definitely dumb, but I'm sure some great nerd will hack up an awesome all-in-one little 'fixit' tool for Windows 10 to take out all the crap"

    It's now at a point where it's outright sounding BAD. Like proper, bad. The things they keep doing are worse and worse, more and more intrusive. I thought the pushy installer was rough but ok, once it's on, they aren't going to abuse it too much, they are getting their data, from most people who aren't clever enough to turn stuff off.
    Nope! It's getting SO bad, I'm really thinking of sticking with 7 as long as humanly possible. Maybe I really will end up a Mac guy after all, or something?

    Super unimpressed at this point.

    • by cfalcon ( 779563 ) on Thursday May 05, 2016 @06:57PM (#52057431)

      Basically, if you can pay the Mac tax, consider it. Also consider Linux and BSD.

      I've always had a real beef with Microsoft's many shady dealings. If you have followed them closely, they did a lot of really shady stuff, and had legal pushback. Eventually, they settled into a path where they were making plenty of money and were sort of easy to predict- when they screwed up, which was sometimes, they would try to make it right. This long gentle summer of Microsoft had its peak with Windows 7. Windows 8 didn't feature any of the strange drama we see in 10, but we saw the designers essentially say "we want to move casual users away from the old UI". That's why they pretty much did everything they could to ruin it- if it was still there and easy to turn on, power users would run a script for their friends, and everyone would have the old UI. But this decision was ACTIVE and MALICIOUS. Windows 10 is an absolute nest of drama, as you've noticed.

      Basically, the reason you weren't a "screw Microsoft" guy is that you weren't paying attention. I was fine with 7- it offers way less freedom than non-Windows OSes, but it ultimately belongs to the user. Windows 10 breaks that totally. Microsoft sometimes briefly releases the coils. That's just to get you to inhale and exhale so it can clamp down tighter next time. Stop falling for it. Use another OS for everything you possibly can. Evaluate carefully each demand from those around you to install a new MS-only thing. Push back where you can. If you really can discard Microsoft completely, good. But you'll never see how hard it is until you try, how thoroughly they have themselves wrapped tight around anything that they can.

    • by labnet ( 457441 )

      The issue is, most technical workers have to use windows, as most pro level CAD, CAM and even Embedded Development platforms, are windows only.
      The monopoly will be around for at least my lifetime.

      • One (dedicated and heavily firewalled) machine for the CAD/CAM/wahtever special tool, one for desktop use. Relatively easy, relatively cheap. Treat those super specialized applications as an "appliance" instead of a software package on a desktop machine...

    • by vux984 ( 928602 ) on Thursday May 05, 2016 @07:23PM (#52057603)

      " Maybe I really will end up a Mac guy after all, or something?"

      Ok. Since the presence of the 'forced' app store on Windows 10 offended you so much that you are considering switching to Mac.

      What is the Apple supported way to remove the App Store in OSX El Capitan?

      The app store in OSX is, if anything even more integrated than the App Store in Windows is, as it delivers OS updates as well. I look around a bit and found a few articles from circa 2011 when they first introduced it in 10.6. and even back then the removal instructions amounted to hacks where "you can do a-b-c to remove it but its not supported by apple at all". And that was several releases ago now.

      So here we have a case of Microsoft doing a thing that everyone has seemingly already accepted from Apple years ago... but hate Microsoft doing it so much that they threaten to switch to Apple over it... so...um... yeah.

      • by Anonymous Coward on Thursday May 05, 2016 @08:26PM (#52057893)

        "Restrict App Store to MDM installed apps and software updates only": "When this option is on, the App Store can only be used to update apps installed by MDM and Apple software updates. The default is Off."

        • by vux984 ( 928602 )

          "Restrict App Store to MDM installed apps and software updates only":

          Do you not need an OSX Server to do that though? Fewer people have those than have Windows 10 Enterprise licenses.

          I mean even Microsoft has a very simple solution involving Active Directory and Windows 10 Enterprise licensing. Its there its just not cheap.

          • by tlhIngan ( 30335 )

            "Restrict App Store to MDM installed apps and software updates only":

            Do you not need an OSX Server to do that though? Fewer people have those than have Windows 10 Enterprise licenses.

            I mean even Microsoft has a very simple solution involving Active Directory and Windows 10 Enterprise licensing. Its there its just not cheap.

            Yes, it does need OS X server, which since Mavericks is a $20 add on to OS X [apple.com] - OS X server is no longer a separate OS you install. Instead it's just an addon (which doesn't really add any

      • This isn't me angry about the forced App store in Windows 10, it's about the culmination of all the shitty things they've done in the past 18 months.

        They might have a history long, long ago of being quite evil but there was a period there, where I personally, really didn't see them being all that bad, within reason for a business anyhow. It's now getting utterly ridiculous.

        Yeah proprietary Mac store is frustrating but for the most part with MacOS you're the consumer, under Windows 10 and the spying stuff

        • by vux984 ( 928602 ) on Thursday May 05, 2016 @11:13PM (#52058531)

          under Windows 10 and the spying stuff (which is sadly, mostly true) you're the product.

          It's really not much different in OSX.
          1) Spotlight has been in OSX forever and can be used to search web so potentially 'local search terms are sent out to the internet'. Same issue as windows search.

          2) "Microsoft Accounts" to sign-in; again just retreading a feature OSX *already* has, where OSX prompts you to create an account tied to your AppleID with itunes, appstore, and icloud links.

          3) App Store you can't remove... as discussed OSX had it years ago.

          4) Telemetry -- ok windows got here first; but honest to goodness telemetry really isn't the bogeyman its made out to be. Yes, its truly irritating microsoft hasn't been transparent enough, and bizarre they won't just let you turn it off. (Most people won't even bother so why not just let that vocal group turn it off and avoid the circus I don't know.)

          5) "Spying"; ok... lets stop there and talk Cortana first. Because again OSX did it first, with siri. But so far Siri is only on your phone -- and a TON of the information that is so-called spying (and part of why the EULA is such a wide cast net) is related to the cortana "feature"... to function as designed it "needs" to know who your contacts are, your search terms, your calendar, document meta data, etc, etc. And it needs to be in the 'cloud' so it can be processed and available on other devices you use, etc, etc. And further for Cortana to be be any use she needs to be pretty integrated into the OS... so where am I going with this? Siri is exactly the same, on IOS. All the same problems are there. Microsoft's only 'innovation' is to put it on the desktop.

          So what about apple? Watch for the June WWDC where Apple annouces Siri availability for OSX... and then check out the accompanying EULA that has to go with it.

          • by Anonymous Coward on Friday May 06, 2016 @03:20AM (#52059085)

            >1) Spotlight has been in OSX forever and can be used to search web so potentially 'local search terms are sent out to the internet'. Same issue as windows search.

            When you disable spotlight's web search [howtogeek.com] it stays disabled.

            >2) "Microsoft Accounts" to sign-in; again just retreading a feature OSX *already* has, where OSX prompts you to create an account tied to your AppleID with itunes, appstore, and icloud links.

            And you can freely ignore this with no real drawbacks.

            >3) App Store you can't remove... as discussed OSX had it years ago.

            It's not that you can't remove it, you stupid fuck. It's that MS won't let the admin block it. Apple *does* allow MDM to restrict the app store to updating MDM installed apps and the OS only. Which is what MS just removed from their platform.

    • by 110010001000 ( 697113 ) on Thursday May 05, 2016 @09:23PM (#52058139) Homepage Journal
      Really? I think the point is you should be using Enterprise if you want to do things like let admins block apps. That is what Enterprise is for. It sounds like it was a bug in Pro.
  • by nanodec ( 999112 )
    Sorry but it's a royal PITA to have to contend with Candy Crush, XBox and misc stupid shit in Win10 on a corporate environment. Still fucking hate 10.. >:(
  • Bullshit... (Score:5, Informative)

    by Lumpy ( 12016 ) on Thursday May 05, 2016 @07:36PM (#52057659) Homepage

    If you're an administrator, you will no longer be able to block Windows 10 Pro users on your watch from accessing the Windows Store.

    Works just fine with some firewall rules on the core router in the office.

    • Re: (Score:3, Funny)

      by Anonymous Coward

      I didn't even know that my watch could even RUN Windows 10 Pro...

  • What competent windows administrator hasn't already blocked the telemetry, live tile, and play store IP addresses at the corporate firewall already?

    This is a dick move for sure by microsoft (not that apple didn't do this years ago), but seriously folks... Maybe for certain elements you use the domain policy to disable features and whatnot, but blocking access to other computers is EXACTLY why we have firewalls.

    I'm not a very good windows admin, just a programmer for a small consulting company. And the very

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      You shouldn't have to do this. Essentially you're treating the OS itself as malware.

    • by dbIII ( 701233 )

      What competent windows administrator hasn't already blocked the telemetry, live tile, and play store IP addresses at the corporate firewall already?

      What competent windows administrator is inflicting MS Windows10 on their users when MS Windows 7 is still on sale :)

      You brought up the "competent" thing so expect something back when you frame things in such a way.

  • Just as I am getting tempted to try windows again for my next P.C build, I read stories like this.

    It is not that this would necessary affect me in a negative way either - I just don't want to support a product that (overtly) treats me more like a commodity than anything else.

    Thankfully delivered from evil.

  • Don't trust policy settings. Drop those packets instead.
    It will at least work until updates have to come from their marketing site.
  • See Comment... (Score:2, Insightful)

    by LVSlushdat ( 854194 )

    FUCK MICROSOFT!! (*somebody* had to say it.. the fanbois never will...)

  • This should piss off all the sysadmins that keep pushing windows/Microsoft infrastructure down our throats at work.

  • Given how often the store crashes on Windows 10 right now a good portion of Windows user can't access it anyway.

If you can't get your work done in the first 24 hours, work nights.

Working...