WW 734: Show Me Your Hands, Bob

Beep boop - this is a robot. A new show has been posted to TWiT…

What are your thoughts about today’s show? We’d love to hear from you!

1 Like

Hivenightmare: This is not a VSS problem, it is exacerbated by VSS Shadow Copies, when they exist, as you will need to clear them out, once you have actually fixed the problem.

Unfortunately, @thurrott got this wrong on the show, as he did on his site.

The problem is that every user has read access to the SAM database and a few other files, in the C:\Windows\System32\Config directory. That means anyone logged onto the PC can view the files or any malware on the machine can access the file and extract the password hashes - and there are various programs around which can work out passwords for the hashes.

You need to open a command window as Administrator and run:

icacls C:\Windows\System32\Config*. /inheritance:e*

After you have done that, if you have any VSS shadow copies on the system, because the shadow copies also have a copy of the files in this unprotected state, you will need to remove them as well - you usually have to have turned it on manually, but if the partition is over 128GB in size, Windows Update or an application installation using a .msi installer will automatically generate a VSS shadow copy, before installing the updates / the application.

vssadmin list shadows

Lists all existing shadow copies on your system.

vssadmin delete shadows /all

deletes all the shadow copies on your system. If you want to, you can generate a new shadow copy afterwards.

1 Like

I’m not sure I would ever be a fan of Windows365. I work in a remote call center and we use VMware running Windows 10. Granted this is on the employers servers from what I can see. As if there is a hick up with the VM it seems to affect everyone site wide. Maybe with Microsoft running it this won’t be such an issue. But this is automatically what I’m assuming will be the downfall of the service.

1 Like

The discussion on Windows 365 was worse/more expensive than discussed, although the key points were glossed over - I think the import was missed, even though it was mentioned.

To use Windows 365, you need to bring a Windows 10 Enterprise license with you! That is either through Microsoft 365 or a similar licensing programme. That means, that $31 a month is on top of what you already pay per-use-per-month for the Windows Enterprise licensing. I think the minimum M365 plan with a Windows 10 Enterprise license is around $32 per user per month (E3).

Secondly, you still need to provide the users with a PC or other device to connect to the Windows 365 instance. On top of that, you need to provide them with the Windows 365 service itself.

So, we are talking $31 for the Windows 365 + $32 for Microsoft 365 + a one-off payment for a suitable device to allow the users to connect. So, $372 a year for the Windows 365 service + $384 for the Microsoft 365 service + a device for connecting.

We already provide each user with a 400-450€ PC with Windows 10 on it (mobile users get a $700 Dell laptop), which gets replaced every 5 years. That Windows 10 PC has a Core i3 processor, 256GB SSD and 8GB RAM, so already exceeds what the specification of what Microsoft is offering. Over its lifespan, it costs us $7.50 a month. That is a lot cheaper than a Windows 365 instancew, oh, and we’d have to pay that equivalent of $7.50 a month, whether we use Windows 365 or not. The PCs are in the domain, are locked down and get updates and protection pushed out from our central infrastructure, so it already has similar management…

In addition, 20mbps connection is a lot. Our corporate headquarters has around 20 employees and we have a 50mbps connection (the highest available at that address), that means 2.5 employees could work at any one time. Currently, our corporate software runs out of our datacentre in the next town over at our main production facility. The 20 users work over RDP on terminal servers for much of our corporate software, and that uses less than 20mbps for all users!

We are a Microsoft 365 user, so I’m not anti-Microsoft in this, just pointing out the cost of the Windows 365 service is a lot higher than the $31 headline price, which I find high to start with. Heck, my home PC is a Ryzen 7, with 8 cores and 16 threads, 32GB RAM, 3 SSDs and an 2TB HDD, that costs me less than $20 a month, over its lifetime, including the Windows license.

1 Like

Great Show as always Everyone. I have a question. During the Windows 365 discussion, Leo said that if a company has its own apps (I am assuming he means Win32 apps) you will need to be using a Windows machine as the thin client to install them on the Windows 365 cloud PC, and then Mary Jo said “Yes.”

Just want to make sure that is the case. That sounds odd to me. For example, I run a small business and have many win 32 apps that all my employees use. Does this mean if I were to use this service, all my employees would still need Windows machines, not the less expensive chrome book option?


Another thing that is not clear is whether Microsoft is managing these systems (i.e. updates, security updates, application updates) or if you still need an IT staff to manage that.

On recommended apps in the Windows 11 Start Menu, it’s absolutely a stand-in for future Microsoft advertising. Is this why Windows 11 is “free” again?

Just checked the latest Edge stable (92.0.902.55): if you add a website to the shortcut links, Microsoft throws in three advertisements, 2 of 3 that have nothing to do with Microsoft’s competencies:

Of course the suggestions are permanent: they cannot be dismissed, refreshed, nor removed permanently, as far as the UI shows.

It rubs you the wrong way. Of course, Microsoft will retort, “It’s a free browser, what did you expect? You’re the product and we need to add 0.5% revenue this quarter!”

I think a bigger problem would be consistent bandwidth. I’m running DSL in my flat because my buidling has only just been wired for fiber and, every so often, it’ll go down for a couple of seconds and then get really slow.
I might be able to see a reason for this if it meant you didn’t need the IT department but, no, you still would… even if it’s just the guy you’re employing to fix the computers when they break.
Also, let’s be honest, it’d work for people like @MaryJo who probably would be OK with a Chromebook but, if you need anything more than that, it’d be useless. If you’re doing any content production stuff or intense graphics or CAD work, then I can see death by latency being an issue.

My other obseration would be that I could have sworn that Amazon Workspace is cheaper, at least it seemed to be when I looked!

1 Like