The massive Windows 10 Anniversary Update arrived at the start of August, accompanied by sparklers, streamers, and the stuttering state of suspense most Windows users will by now find all-too-familiar.
Windows 10 Build 1607 — to give the update its official name — is really quite big. It leaves no corner of Windows 10 unturned, and is much, much bigger than its November counterpart. It is so big that you’ll now have a new Windows.old folder in your root directory. More on that in a moment.
Privacy and security are always present in the thoughts of Windows 10 users. Each time a new update rolls out, we quietly wonder “what on earth did they change this time?!” The Anniversary Update (referred to as AU forthwith) is no different. With that in mind, let’s take a stroll through the latest and greatest offering from Microsoft.
When Windows 10 arrived on our systems last July, it was quickly derided as a security and privacy nightmare. Sure, regular users were happy and the majority of those individuals don’t want to spend time fiddling around with their security and privacy settings. But the rest of us who actually care what is going on in our Windows system were left with a feeling of unease…like our choice in certain matters had been forcefully withdrawn. Like we’d been beheaded.
— Christian Anarchist (@Gene1Christian) June 27, 2016
Restore Your Preferred Settings
The AU didn’t actually change that many privacy settings. No, it actually did the opposite in some cases, resetting those well-tweaked and perfectly groomed privacy settings to make your system more affable to the call of Redmond. In a move that will come as no surprise to those using the Insider Preview Builds, your privacy settings will likely have been returned to their out-of-box state –- even ignoring your cloud stored user profiles/settings you selected during the installation process.
For instance, scrolling back through my settings, I noticed the option to Sync with devices had been turned back on. This allows my device (in this case, my laptop) to “sync info with wireless devices that don’t explicitly pair with your PC, tablet, or phone”. No, thank you.
Wait – there’s more.
Acknowledge Impotent Settings
Users had been working around Windows 10 privacy and update settings, recognizing that if Microsoft wasn’t going to change, they’d have to take the initiative. Registry hacks and detailed tutorials on how to use the Group Policy Editor to take back control of the automated update system followed.
Microsoft, apparently jolly unhappy that users have taken matters into their own hands, used the Windows 10 AU to remove several features of the Group Policy Editor that had been put to use in widely-circulated avoidance schemes.
The most common of these, at least for Windows 10 Pro users, was to simply edit the Automatic Update Group Policy. Instead of automatically taking care of downloading and installing all updates, Windows 10 would instead “Notify for download and notify for install.” Accompanying this on the Windows Update Settings page — Settings > Update & Security > Windows Update — was a message confirming that the user had enacted control over the policy.
However, I don’t want to jump the gun on this. It could be a display bug, producing the standardized statement for all users, though Microsoft has maintained a steady silence on this occasion.
N.B: This has been confirmed as a display error. The latest Definition Update for Windows Defender arrived with the option to download, per the below image.
However, a number of other Group Policies have now been designated for the sole use of Windows 10 Enterprise and Education editions, even if you have a Pro license. These include “Do not display the lock screen,” “Turn off the Store application,” and perhaps most infuriatingly of all, “Turn off Microsoft consumer experience.”
The latter offered users chance to stop Microsoft tracking their movement and updating their advertising profile, so I’m sure some users will be aggrieved at its removal.
The following Group Policies (now) apply only to Windows 10 Enterprise and Education editions:
- Configure Spotlight on lock screen
- Turn off all Windows Spotlight features
- Turn off Microsoft consumer features
- Do not display the lock screen
- Do not require CTRL+ALT+DEL
- Turn off app notifications on the lock screen
- Do not show Windows Tips Computer
- Force a specific default lock screen image
- Turn off the Store application
- Only display the private store within the Windows Store app
- Don’t search the web or display web results
You can read Microsoft’s comments just here.
It’s Not You, It’s Windows
Ben Stegner has provided excellent coverage on how to fix numerous Windows 10 Anniversary Update issues. Read through them. You’d be forgiven for mistaking Windows 10 for a completely new product, from a completely new company. But it just isn’t the case. I mean, come on: repining user-removed apps to the Taskbar? Resetting our default apps? More incompatible software errors?
Windows 10 Anniversary Update aka 'We re-pinned Edge and the Windows Store because you seemed to miss it last time :~)'
— Edward Fox (@icemaz) August 3, 2016
It isn’t fair to heap this much misery on those of us who use our computers for our livelihoods, let alone those users who just want to use their computer. Because even as Windows 10 has been seemingly designed around the latter, user experience is sustaining some serious blows. Or, as one Windows 10 user observed:
A Security Note
A redeeming feature!
This is quite a nice touch from Microsoft. Common sense and knowledge tells us that running concurrent antivirus programs creates the opposite to the desired effect. While they don’t entirely cancel each other out, they’ll compete for resources and potentially flag each other as a virus. Commonly accepted best practices are to install a single antivirus, and back that up with anti-malware tools.
Windows 10 AU brought a change to Windows Defender. Instead of simply turning it off so it no longer interferes with your antivirus software of choice, you can now set Defender to periodically scan, offering an additional line of system protection.
Starting with the Windows 10 Anniversary Update this summer … Windows 10 will include a new security setting called Limited Periodic Scanning. Windows Insiders can enable this feature on unmanaged devices today.
When enabled, Windows 10 will use the Windows Defender scanning engine to periodically scan your PC for threats and remediate them. These periodic scans will utilize Automatic Maintenance — to ensure the system chooses optimal times based on minimal impact to the user, PC performance, and energy efficiency — or customers can schedule these scans. Limited Periodic Scanning is intended to offer an additional line of defense to your existing antivirus program’s real-time protection.
To turn it on, head to Settings > Update & Security > Windows Defender.
Now turn Limited Periodic Scanning to On.
1. n. the bittersweetness of having arrived here in the future
Do we like it? Can we go back and tell our pre-Windows 10 AU-selves that everything is slightly different? Well, I guess you could just roll your Windows 10 installation back. If Build 1607 misplaced or absolutely ruined your system, there was indeed a 10-day grace period Microsoft was not very vocal about. If you’re reading this, you’ve likely missed the boat, my friend.
Microsoft has also been on the receiving end of an ear-bashing courtesy of the Electronic Frontier Foundation (EFF) regarding their now-widely accepted invasive practices, and complete disregard for consumer privacy with Windows 10. You can read the scathing review delivered by EFF Intake Coordinator Amul Kalia and make your own judgement; I think for the most part he is absolutely spot on.
The overall confusion surrounding Windows 10 privacy, the telemetry system, and how updates are handled in general, is nothing short of appalling in places.
There’s no doubt that Windows 10 has some great security improvements over previous versions of the operating system. But it’s a shame that Microsoft made users choose between having privacy and security.
Therein lies the decision that continually affects and vexes a significant number of users. We are a year down the line now, we understand why Microsoft implemented privacy settings in the current manner.
Microsoft should come clean with its user community. The company needs to acknowledge its missteps and offer real, meaningful opt-outs to the users who want them, preferably in a single unified screen. It also needs to be straightforward in separating security updates from operating system upgrades going forward, and not try to bypass user choice and privacy expectations.
Because the entanglement of the latter is forcing users into a corner, and those users are understandably choosing to explore alternative methods to restricting and curating all updates on their own terms. And because we have already seen that Microsoft isn’t impervious to the law, that regular users will take Microsoft to court, and will challenge this gradual erosion of user privacy — as they rightly should.
— @fonseca_pinto (@fonseca_pinto) July 27, 2016
Frankly, Microsoft, this is getting rather dull.
How much more can you take? Do you think a simple “handbrake” would ease the dissatisfaction? Or does the Update system need obliterating? Let us know your thoughts below!