Microsoft Edge vulnerable to cookie and password theft

The Microsoft Edge browser seems to have a severe password vulnerability. Recent reports reveal that attackers or hackers could easily obtain user password and cookie files for online accounts, a vulnerability that was discovered by security expert Manuel Caballero, someone with vast experience of unearthing Edge and Internet Explorer bugs and flaws. It also seems that attacks can be customized to dump the passwords or cookies of more online services such as Amazon, Facebook, and more.

Microsoft cloud TITSUP: Skype, Outlook, Xbox, OneDrive, Hotmail down

The problems appear to have started on the morning of Tuesday, March 21, 2017, Pacific Time, although systems could have started to wobble earlier: basically, people were and still are unable to log into their Microsoft-hosted services.

So, it sounds like someone broke something within Microsoft’s account authentication systems, locking millions out of their services for several hours.

Gmail will stop working in Chrome browser for Windows XP and Vista

Gmail will show a warning message about the end of support for older versions of the Chrome browser. Because of significant security-related changes, you have to update Chrome to version 55 to continue using the mail service.

Unfortunately, this solution is not suitable for users of Windows XP and Vista, because Microsoft has stopped supporting these operating systems and Chrome updates for them stopped after version 49.

Gmail will keep working until the end of the year even if you do not update the OS and browser. However, the service will begin to redirect Windows XP and Vista users to the basic HTML version of the interface, which has a lower level of functionality and protection.


Installing a white certificate on a Microsoft VDI farm

Many companies use VDI infrastructure so that employees can work remotely from their own uncontrolled personal workstations. When a VDI farm is published to the Internet, external users face the problem that their machines do not trust the certificate issued by the corporate certificate authority. As a result, security warnings appear when connecting remotely.

In this case, the warning appears twice: at the first connection the broker server is untrusted; at the second connection, the VDI farm virtual machine is untrusted.

To resolve this problem, many system administrators suggest either checking the “Don’t ask me again” checkbox and ignoring this message, or “whitelisting” the root certificate on user’s remote computer and publishing the corporate CA’s CRL. However, such methods don’t work if users connect from different locations each time or connect to different virtual machines.

Solving this problem requires you to use a “white” certificate issued for the VDI farm by the trusted certificate authority. The names of the external certificate and the VDI computers must match.

The solution

First of all, we need a wildcard certificate (*.yourcompany.com) issued by the trusted certificate authority.

Add a new DNS suffix to the domain:

Add a new Active Directory Integrated zone (yourcompany.com) to serve internal requests for new server names and VDI farm virtual machines on a domain controller in DNS.

To have an additional domain suffix in a domain you have to edit the msDS-AllowedDNSSuffixes attribute at the domain level. You must add the internal and external domain names as the attribute value. For example, yourcompany.local and yourcompany.com. Create a new group policy at the domain level to specify the DNS suffixes that can be added to short names in DNS queries.


Enable the following policy: Computer Configuration \ Policies \ Administrative Templates \ Network \ DNS Client\ DNS suffix search list. Then add the internal and external domain name values, separated by commas.


Setup certificate for RD server

You also have to change the DNS suffix of the planned RD servers to the external domain name before creating the VDI farm. Go to system properties and click “Change…”. Click “More…” on the “Computer Name/Domain Changes” tab and enter the new primary DNS suffix – yourcompany.com.


Next create a new VDI farm based on the selected Microsoft Windows Server 2012 R2 servers. You can easily find information online about how to do this.

After you receive the certificate’s pfx file, you can install it on the new VDI farm. On the RD Connection Broker server, go to Server Manager > Remote Desktop Services > Overview. In the Deployment Overview field, select Edit Deployment Properties in the Tasks dropdown list.


Open the Certificates tab and set up the necessary *.yourcompany.com certificate for each farm service.

Add the certificate for each service role. Click “Select an existing certificate…”, then specify its file path and password.

In the end, the following certificates will be installed on the VDI servers, but not on virtual machines. The SSLCertificateSHA1Hash REG_BINARY parameter, holding the certificate thumbprint value, appears in the registry on the Connection Broker server at the following path:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp.

This parameter determines which certificate will be used while the RDP session is being established. Add it to the registry on the client machine as well.


Installing the certificate on virtual machines

The following are required when using a white certificate on virtual machines:

  • Install the certificate in the personal certificate store on every machine.
  • Set the certificate key read permissions for each machine’s Network Service.
  • The SSLCertificateSHA1Hash REG_BINARY certificate parameter must have the thumbprint value.
  • Virtual machine names must match the certificate name (have the yourcompany.com suffix).

Create a new group policy at the Organizational Unit level, dedicated to the VDI farm’s virtual machines’ accounts.

This policy must run the startup script ExportVDICert.bat on the virtual machines.

The script below uses the Microsoft Certutil and FindPrivateKey utilities. Certutil is a built-in utility. FindPrivateKey is provided as a Sample tool for developers and can be compiled independently. The script must be added to the policy.

The certificate and FindPrivateKey utility must be placed in the network folder where the script will grab the installation files. Here’s the script:

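REM Import the PFX into the machine store (PFX password and PFX path go in the empty quotes)
certutil -f -p "" -importpfx "" NoExport

c:
mkdir "c:\TempCertSecurity"
cd "c:\TempCertSecurity"

REM Copy FindPrivateKey.exe from the network folder (source path goes in the empty quotes)
xcopy "" "c:\TempCertSecurity"

REM Find the private key file of the certificate (its thumbprint goes in the empty quotes)
FindPrivateKey.exe My LocalMachine -t "" -a > tmp.txt
set /p myvar= < tmp.txt
del tmp.txt
del FindPrivateKey.exe
cd \
rd "c:\TempCertSecurity"

REM Grant NETWORK SERVICE read access to the private key file
cacls.exe "%myvar%" /E /G "NETWORK SERVICE":R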

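This script will install the new certificate and set the key permissions after the virtual machine is rebooted. Because the script contains the PFX password in clear text and sits next to the PFX file, limit read access to the network folder and the script to the VDI computer accounts.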

The next part of the policy has to do with the SSLCertificateSHA1Hash installation option. The required key is configured via Preferences \ Windows Settings \ Registry.

To change the virtual machines’ Primary DNS Suffix centrally through the policy, enable the Primary DNS Suffix setting and set it to the external domain name, yourcompany.com.

The machine will receive the new FQDN and corresponding white certificate after being rebooted. After you perform all these operations, your users will no longer see the annoying security alerts.
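A check that can be run on a farm virtual machine once the startup script and the registry preference have applied, added here as an example (it is not part of the original article): it verifies the four requirements listed above. The function names are illustrative, and the key-file check assumes the PFX was imported into a legacy CSP, so the key file sits under RSA\MachineKeys.

```powershell
# Added example: verifies that the RDP listener on this machine is bound to a usable certificate.
$RdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Test-CertNameMatch {
    param([string]$Pattern, [string]$Fqdn)
    # A wildcard covers exactly one left-most label: *.yourcompany.com matches
    # vm01.yourcompany.com but not vm01.lab.yourcompany.com or yourcompany.com.
    $p = $Pattern.ToLowerInvariant().TrimEnd('.')
    $f = $Fqdn.ToLowerInvariant().TrimEnd('.')
    if (-not $p.StartsWith('*.')) { return ($p -eq $f) }
    $suffix = $p.Substring(1)                          # ".yourcompany.com"
    if (-not $f.EndsWith($suffix)) { return $false }
    $label = $f.Substring(0, $f.Length - $suffix.Length)
    return ($label.Length -gt 0 -and -not $label.Contains('.'))
}

function Test-RdpCertificateBinding {
    param(
        # Assumption: DNS returns this machine's FQDN with the new primary suffix
        [string]$Fqdn = [System.Net.Dns]::GetHostEntry([System.Net.Dns]::GetHostName()).HostName
    )
    $findings = @()

    # 1. Thumbprint from the registry (REG_BINARY -> upper-case hex string)
    $prop = Get-ItemProperty -Path $RdpKey -Name SSLCertificateSHA1Hash -ErrorAction SilentlyContinue
    if (-not $prop) { return @('SSLCertificateSHA1Hash is not set') }
    $thumb = ($prop.SSLCertificateSHA1Hash | ForEach-Object { $_.ToString('X2') }) -join ''

    # 2. Certificate with that thumbprint in the machine's personal store
    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumb }
    if (-not $cert) { return @("No certificate $thumb in LocalMachine\My") }
    if ($cert.NotAfter -lt (Get-Date)) { $findings += "Certificate expired on $($cert.NotAfter)" }

    # 3. The machine name must be covered by a DNS name in the certificate
    $names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
    if (-not ($names | Where-Object { Test-CertNameMatch -Pattern $_ -Fqdn $Fqdn })) {
        $findings += "$Fqdn is not covered by: $($names -join ', ')"
    }

    # 4. NETWORK SERVICE (well-known SID S-1-5-20) must be able to read the key file
    if (-not $cert.HasPrivateKey) {
        $findings += 'Certificate has no private key'
    } else {
        try {
            $container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
            if (-not $container) { throw 'key is not stored in a legacy CSP' }
            $keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$container"
            $read    = [System.Security.AccessControl.FileSystemRights]::Read
            $sidType = [System.Security.Principal.SecurityIdentifier]
            $allowed = (Get-Acl -Path $keyFile).Access | Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $_.IdentityReference.Translate($sidType).Value -eq 'S-1-5-20' -and
                ($_.FileSystemRights -band $read) -eq $read
            }
            if (-not $allowed) { $findings += "NETWORK SERVICE cannot read $keyFile" }
        } catch {
            $findings += "Could not inspect the private key file: $($_.Exception.Message)"
        }
    }
    return $findings
}

$result = Test-RdpCertificateBinding
if ($result) { $result | ForEach-Object { Write-Warning $_ } }
else { Write-Host 'RDP certificate binding looks consistent' }
```

An empty result means the registry thumbprint, the stored certificate, the machine name and the key permissions all line up; each warning names the requirement that is not met.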

Vulnerability Review 2016

New security vulnerability research has been released by Flexera. There were over 2,000 vulnerabilities across the top 20 software products, many of which you are using right now.

According to Flexera, the largest instances of vulnerabilities were attributed to Microsoft with 518 across its Windows 10, Windows Server 2012, Windows 8 and Windows RT operating systems.


Deleting / restoring Metro apps in Windows 10


No matter how many supporters of the old version of the OS exist at present, it’s high time to turn to Windows 10. Accordingly, I invite you to take a closer look at the preloaded Metro apps. You will agree with me that very few people use absolutely every application forced upon us by Microsoft. Most of them just take up space, and are sometimes even annoying. In this article I will share with you a way to “clean” the system of such needless apps on Windows 10.

Deleting

So let’s discuss deleting needless apps. I suggest you use a PowerShell script that displays all installed Metro apps. Then it’s up to you whether to delete all or just some of them.

The script is as follows:

# Messages used for the error records (Placeholder01 is replaced with the offending input)
$Messages = @{
    IncorrectInput = "Incorrect input 'Placeholder01'. Enter app IDs separated by spaces."
    WrongID        = "ID 'Placeholder01' is not in the list."
}

# Builds an ErrorRecord from a message, ID, category and target object
Function PSCustomErrorRecord
{
    Param
    (
        [Parameter(Mandatory=$true,Position=1)][String]$ExceptionString,
        [Parameter(Mandatory=$true,Position=2)][String]$ErrorID,
        [Parameter(Mandatory=$true,Position=3)][System.Management.Automation.ErrorCategory]$ErrorCategory,
        [Parameter(Mandatory=$true,Position=4)][PSObject]$TargetObject
    )
    Process
    {
        $exception = New-Object System.Management.Automation.RuntimeException($ExceptionString)
        $customError = New-Object System.Management.Automation.ErrorRecord($exception,$ErrorID,$ErrorCategory,$TargetObject)
        return $customError
    }
}

Function RemoveAppxPackage
{
    # CmdletBinding makes $pscmdlet available for WriteError below
    [CmdletBinding()]
    Param()

    # List the installed apps with a numeric ID
    $index = 1
    $apps = Get-AppxPackage
    Write-Host "ID`t App name"
    foreach ($app in $apps)
    {
        Write-Host " $index`t $($app.name)"
        $index++
    }

    Do
    {
        $IDs = Read-Host -Prompt "Which Apps do you want to remove? `nInput their IDs by space (e.g. 5 12 17). `nIf you want to remove every possible apps, enter 'all'"
    }
    While ($IDs -eq "")

    if ($IDs -eq "all")
    {
        Get-AppxPackage -AllUsers | Remove-AppxPackage -ErrorAction SilentlyContinue -Confirm

        # Anything still listed for the current user could not be removed
        $remaining = Get-AppxPackage
        if (-not $remaining)
        {
            Write-Host "Apps has been removed successfully"
        }
        else
        {
            Write-Warning "Remove '$($remaining.Name -join ', ')' failed! This app is part of Windows and cannot be uninstalled on a per-user basis."
        }
    }
    else
    {
        try
        {
            [int[]]$IDs = $IDs -split " "
        }
        catch
        {
            $errorMsg = $Messages.IncorrectInput
            $errorMsg = $errorMsg -replace "Placeholder01",$IDs
            $customError = PSCustomErrorRecord `
                -ExceptionString $errorMsg `
                -ErrorCategory NotSpecified -ErrorID 1 -TargetObject $pscmdlet
            $pscmdlet.WriteError($customError)
            return
        }

        foreach ($ID in $IDs)
        {
            # Check that the ID is in range
            if ($ID -ge 1 -and $ID -le $apps.count)
            {
                $ID--
                # Remove each app
                $AppName = $apps[$ID].name

                Remove-AppxPackage -Package $apps[$ID] -ErrorAction SilentlyContinue -Confirm
                if (-not(Get-AppxPackage -Name $AppName))
                {
                    Write-Host "$AppName has been removed successfully"
                }
                else
                {
                    Write-Warning "Remove '$AppName' failed! This app is part of Windows and cannot be uninstalled on a per-user basis."
                }
            }
            else
            {
                $errorMsg = $Messages.WrongID
                $errorMsg = $errorMsg -replace "Placeholder01",$ID
                $customError = PSCustomErrorRecord `
                    -ExceptionString $errorMsg `
                    -ErrorCategory NotSpecified -ErrorID 1 -TargetObject $pscmdlet
                $pscmdlet.WriteError($customError)
            }
        }
    }
}

$result = 0;

# Repeat until the user answers "No"
while ($result -eq 0) {

    RemoveAppxPackage

    $title = "Delete Apps"
    $message = "Do you want to continue?"

    $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes", `
        "Yes, I want to remove another application."

    $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No", `
        "No, all unnecessary applications are removed."

    $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)

    $result = $host.ui.PromptForChoice($title, $message, $options, 0)

}

Save the script in .ps1 format or download it. To simplify running it as an administrator, I recommend creating the batch file below (save it in .bat format and UAC will automatically request confirmation):

.bat script

@echo off
cls

echo Apps
echo.
echo press any key to continue...

pause > NUL

echo
echo.

PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell -ArgumentList '-NoProfile -ExecutionPolicy Bypass -File ""%~dp0.\app.ps1""' -Verb RunAs}"

echo You deleted apps...
echo.
pause

Here app.ps1 is the name of the saved PowerShell script.

Note: When the script is run that way you may see a warning message: “Execution Policy Change”.


Choose “Yes” to make the change.

You will then see the following:

A list of installed apps is shown on the screen, and you are asked to enter (separated by spaces) the ones that you want to delete.

Let’s say you decide to delete Microsoft.BingNews. In that case, type in the corresponding application number. If the operation succeeds, you should get the following:


Please note that you can’t remove system apps. If you attempt to do so, you will receive the following message:


This applies to applications such as:
• Microsoft.Windows.Cortana
• MicrosoftEdge
• ContactSupport
• PrintDialog, etc.
The screenshot below features a more detailed list of “immortal” apps:


There is a way to remove all apps at once (except the “immortal” apps described above). To do so, type “all” instead of a specific app’s number, and confirm removal of all apps (Yes to All) or confirm each removal individually (Yes).


Restoring

If you accidentally delete an app or later decide you want to use it, you can restore it through the Windows Store or use the following suggestions.

For example, if you want to restore the Store app, which happened to be deleted by the script above, you should run the following command in PowerShell with administrator permissions:

Add-AppxPackage -register "C:\Program Files\WindowsApps\*Store*\AppxManifest.xml" -DisableDevelopmentMode

You can restore other applications in a similar manner by putting their names between asterisks. If you need to restore a large number of apps, it’s better to use a script (add or remove lines as needed).

Script to restore apps:

Add-AppxPackage -register "C:\Program Files\WindowsApps\*Weather*\AppxManifest.xml" -DisableDevelopmentMode
Add-AppxPackage -register "C:\Program Files\WindowsApps\*Finance*\AppxManifest.xml" -DisableDevelopmentMode
Add-AppxPackage -register "C:\Program Files\WindowsApps\*Maps*\AppxManifest.xml" -DisableDevelopmentMode
Add-AppxPackage -register "C:\Program Files\WindowsApps\*News*\AppxManifest.xml" -DisableDevelopmentMode
Add-AppxPackage -register "C:\Program Files\WindowsApps\*Sports*\AppxManifest.xml" -DisableDevelopmentMode
Add-AppxPackage -register "C:\Program Files\WindowsApps\*Travel*\AppxManifest.xml" -DisableDevelopmentMode
Add-AppxPackage -register "C:\Program Files\WindowsApps\*Camera*\AppxManifest.xml" -DisableDevelopmentMode
Add-AppxPackage -register "C:\Program Files\WindowsApps\*Reader*\AppxManifest.xml" -DisableDevelopmentMode
Add-AppxPackage -register "C:\Program Files\WindowsApps\*Xbox*\AppxManifest.xml" -DisableDevelopmentMode
Add-AppxPackage -register "C:\Program Files\WindowsApps\*Alarms*\AppxManifest.xml" -DisableDevelopmentMode
Add-AppxPackage -register "C:\Program Files\WindowsApps\*Calculator*\AppxManifest.xml" -DisableDevelopmentMode
Add-AppxPackage -register "C:\Program Files\WindowsApps\*OneNote*\AppxManifest.xml" -DisableDevelopmentMode
Add-AppxPackage -register "C:\Program Files\WindowsApps\*People*\AppxManifest.xml" -DisableDevelopmentMode
Add-AppxPackage -register "C:\Program Files\WindowsApps\*SoundRecorder*\AppxManifest.xml" -DisableDevelopmentMode
Add-AppxPackage -register "C:\Program Files\WindowsApps\*3dbuilder*\AppxManifest.xml" -DisableDevelopmentMode
Add-AppxPackage -register "C:\Program Files\WindowsApps\*Store*\AppxManifest.xml" -DisableDevelopmentMode
Add-AppxPackage -register "C:\Program Files\WindowsApps\*Photos*\AppxManifest.xml" -DisableDevelopmentMode
Add-AppxPackage -register "C:\Program Files\WindowsApps\*Phone*\AppxManifest.xml" -DisableDevelopmentMode

As before, save and, if necessary, edit the script and run it.

Alternatively, if you want to restore the entire set of pre-installed utilities, type the following line in PowerShell with administrative permissions. This means you don’t need to be afraid to experiment. Restoring the previous state is easy:

Get-AppxPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

You may see warning messages while restoring apps. They refer to apps that are currently running.

Restoring Photo Viewer in Windows 10
Most users who install Windows 10 are dissatisfied with the lack of the photo viewing app – Windows Photo Viewer.
To restore Photo Viewer, you need to add some keys in the registry. To do this, save the following script with the .reg extension and run it. Then set the app as the default app for opening images: Settings – Default apps – Photo – Windows Photo Viewer:


Script to add keys to the registry

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations]
".jpg"="PhotoViewer.FileAssoc.Jpeg"
".wdp"="PhotoViewer.FileAssoc.Wdp"
".jfif"="PhotoViewer.FileAssoc.JFIF"
".dib"="PhotoViewer.FileAssoc.Bitmap"
".png"="PhotoViewer.FileAssoc.Png"
".jxr"="PhotoViewer.FileAssoc.Wdp"
".bmp"="PhotoViewer.FileAssoc.Bitmap"
".jpe"="PhotoViewer.FileAssoc.Jpeg"
".jpeg"="PhotoViewer.FileAssoc.Jpeg"
".gif"="PhotoViewer.FileAssoc.Gif"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Bitmap]
"ImageOptionFlags"=dword:00000001
"FriendlyTypeName"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\
00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,\
00,65,00,72,00,5c,00,50,00,68,00,6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,\
65,00,72,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,36,00,00,\
00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Bitmap\DefaultIcon]
@="%SystemRoot%\\System32\\imageres.dll,-70"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Bitmap\shell]

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Bitmap\shell\open]

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Bitmap\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
00,31,00,00,00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Bitmap\shell\open\DropTarget]
"Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF]
"EditFlags"=dword:00010000
"ImageOptionFlags"=dword:00000001
"FriendlyTypeName"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\
00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,\
00,65,00,72,00,5c,00,50,00,68,00,6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,\
65,00,72,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,35,00,00,\
00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\DefaultIcon]
@="%SystemRoot%\\System32\\imageres.dll,-72"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\shell]

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\shell\open]
"MuiVerb"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,\
69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,\
72,00,5c,00,70,00,68,00,6f,00,74,00,6f,00,76,00,69,00,65,00,77,00,65,00,72,\
00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,34,00,33,00,00,00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
00,31,00,00,00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\shell\open\DropTarget]
"Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Jpeg]
"EditFlags"=dword:00010000
"ImageOptionFlags"=dword:00000001
"FriendlyTypeName"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\
00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,\
00,65,00,72,00,5c,00,50,00,68,00,6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,\
65,00,72,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,35,00,00,\
00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Jpeg\DefaultIcon]
@="%SystemRoot%\\System32\\imageres.dll,-72"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Jpeg\shell]

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Jpeg\shell\open]
"MuiVerb"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,\
69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,\
72,00,5c,00,70,00,68,00,6f,00,74,00,6f,00,76,00,69,00,65,00,77,00,65,00,72,\
00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,34,00,33,00,00,00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Jpeg\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
00,31,00,00,00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Jpeg\shell\open\DropTarget]
"Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Gif]
"ImageOptionFlags"=dword:00000001
"FriendlyTypeName"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\
00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,\
00,65,00,72,00,5c,00,50,00,68,00,6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,\
65,00,72,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,37,00,00,\
00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Gif\DefaultIcon]
@="%SystemRoot%\\System32\\imageres.dll,-83"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Gif\shell]

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Gif\shell\open]

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Gif\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
00,31,00,00,00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Gif\shell\open\DropTarget]
"Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Png]
"ImageOptionFlags"=dword:00000001
"FriendlyTypeName"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\
00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
77,00,73,00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,\
00,65,00,72,00,5c,00,50,00,68,00,6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,\
65,00,72,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,37,00,00,\
00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Png\DefaultIcon]
@="%SystemRoot%\\System32\\imageres.dll,-71"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Png\shell]

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Png\shell\open]

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Png\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
00,31,00,00,00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Png\shell\open\DropTarget]
"Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Wdp]
"EditFlags"=dword:00010000
"ImageOptionFlags"=dword:00000001

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Wdp\DefaultIcon]
@="%SystemRoot%\\System32\\wmphoto.dll,-400"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Wdp\shell]

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Wdp\shell\open]
"MuiVerb"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,\
69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,\
72,00,5c,00,70,00,68,00,6f,00,74,00,6f,00,76,00,69,00,65,00,77,00,65,00,72,\
00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,34,00,33,00,00,00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Wdp\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
00,31,00,00,00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Wdp\shell\open\DropTarget]
"Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities]
"ApplicationDescription"="@%ProgramFiles%\\Windows Photo Viewer\\photoviewer.dll,-3069"
"ApplicationName"="@%ProgramFiles%\\Windows Photo Viewer\\photoviewer.dll,-3009"

Saving the results

To ensure that all this effort is not in vain, I recommend that you edit the registry to disable automatic installation of apps.
To do this, log in under an administrator account. In the registry, go to: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ WindowsStore \ WindowsUpdate.
And change the value of the setting (default 4):
2 – turn off automatic updates of user apps,
4 – turn on automatic updating of custom apps.


Or you can use the following script to change the registry (save it as a .reg file and run it). Here is a script to disable automatic updates when installing applications:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsStore\WindowsUpdate]
"AutoDownload"=dword:00000002

P.S. I hope the proposed method of removing / restoring apps will make it easier for you to adjust Windows 10 on your PC. After making all of your changes, I also recommend that you reboot your PC.


SharePoint + Office Online

Collaborate on documents: SharePoint 2016. Part 2. Configure external access

This post continues the series of articles about SharePoint Server. In the first part, we looked at features for collaborating using Office Online and the desktop version of MS Office programs. This article will show you how to start and publish using SharePoint + Office Online.

We consider the case when it is important for the company to keep all the infrastructure and data stored in it under their control. In other words, with an extensive on-premise SharePoint 2016 farm.

Let’s get started.

DNS

In our case, we use Split DNS where the names for internal and external areas are the same.

For example: External domain servilon.com, external names: sp2016.servilon.com and oos2016.servilon.com.

Solution: On the internal DNS, add two new Forward Lookup Zones with the corresponding names: sp2016.servilon.com and oos2016.servilon.com.

Add an A record pointing to the local address of the server in each zone.

Certificate

Issue a certificate for both services right away. We added both names to the subject alternative name (SAN): sp2016.servilon.com and oos2016.servilon.com. To avoid problems on devices outside of the domain, the certificate must be issued by a trusted certification authority.

We will mention this certificate three more times. It will be used on the SharePoint Server (in IIS), on the Office Online Server, and for Application Request Routing (ARR) for publishing sites.

SP Settings

Here we will skip the SharePoint Server installation process, because this topic has been covered in numerous articles, walkthroughs, and TechNet. Note that Microsoft is pushing us to cooperate and communicate in its Windows 2016 Server – versioning settings are already configured to work together by default for a document’s library (Library > Library Settings > Versioning Settings):

  • Document Version History is set to “Create major versions”;
  • Require Check Out is set to “NO”.

It’s time to remember security and our certificate, so we specify it in the Bindings for our SP site.


OOS Settings

MS says the minimum hardware requirements are identical to the requirements for SharePoint Server 2016:

  • RAM: 12GB
  • Processor: 64-bit, quad
  • HDD: 80GB

In reality, the test environment RAM can be significantly cut back.

  1. Install the .NET Framework 4.5.2 on the server;
  2. Install the necessary components using the PowerShell command below:

Install-WindowsFeature Web-Server, Web-Mgmt-Tools, Web-Mgmt-Console, Web-WebServer, Web-Common-Http, Web-Default-Doc, Web-Static-Content, Web-Performance, Web-Stat-Compression, Web-Dyn-Compression, Web-Security, Web-Filtering, Web-Windows-Auth, Web-App-Dev, Web-Net-Ext45, Web-Asp-Net45, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Includes, InkandHandwritingServices, Windows-Identity-Foundation

  3. After installation is finished, reboot the system;
  4. Run the OOS installation; the installation wizard only asks you to specify the installation path;
  5. Configure the OOS farm (using a secure connection – https):
    • Import the previously issued certificate.
    • Create the OOS farm using a PS command:

New-OfficeWebAppsFarm -InternalURL "https://oos.contoso.com" -ExternalURL "https://oos.contoso.com" -CertificateName "Certificate Friendly Name"

To enable editing mode on OOS, use the following PS command:

Set-OfficeWebAppsFarm -EditingEnabled

InternalURL and ExternalURL are identical as configured by Split DNS.

Back on the SharePoint server, there are just two commands:

1. In SharePoint 2016 Management Shell run the following command as an administrator:

New-SPWOPIBinding -ServerName "OOS server name"

2. Since our SharePoint is used both internally and externally, you should change the infrastructure zone to external-https:

Set-SPWOPIZone -zone "external-https"

Configure publishing on ARR

  1. Import our certificate in IIS.
  2. Specify it in the Bindings.

Create 2 farms for sp2016.servilon.com and oos2016.servilon.com.

Edit URL Rewrite at the server level

For SP:

  1. Add a Condition
  2. Paste https:// in Action Properties

Repeat the same actions for OOS.

As a result, we get the following settings:

After editing IIS, restart the service using the following command – iisreset.

You’re done! Now you have oos2016.servilon.com server as a server used for running in a browser and on mobile devices, and sp2016.servilon.com as a connection point to the SharePoint site.

In the next part, I will try to answer questions asked about OneDrive for Business.

Collaborate on documents with Microsoft: SharePoint 2016, Office Online and everything else. Part 1: What is it?

But Microsoft has been unfailingly persistent – they continue to improve their products all the time, on multiple levels. As a result, we can now talk about the established infrastructure of document collaboration offered by Microsoft. It has two classes of software:

  1. Means of public access to documents, including cataloging, version control, distribution of rights and other similar server features. These tools are divided into cloud solutions (OneDrive, SharePoint Online) and on-premise – the SharePoint 2016 Server – deployed in the infrastructure of the customer.
  2. Document editing tools. These include the desktop suite of Microsoft Office applications (which was also updated recently), newly-minted mobile versions of Office, initially focused on co-authoring documents, and, the cherry on the cake – its own server implementation of online document editing, the Office Online apps (previously known under the name of Office Web Apps).

All this splendor probably does not make Microsoft quite the “Google Docs killer” of so much repute among tech-journalists, but provides a good alternative to the consumer. This is especially true of corporate customers who already have the MS infrastructure (AD, Exchange, Skype for Business), and those who need, for security purposes, to store all or part of their information locally. For such customers, new opportunities to work with documents from Microsoft look particularly attractive.

As a result, we thought that we should inform our prospective clients and the general public about these developments, and how to install and configure all this stuff. We’ll also try to get to a comparison with alternative services. Not everybody has time for such a long read, so we’ve decided to split this post into several articles. This is the first one. Here, we’ll go through the MS features in each of the Microsoft products that enable document co-editing: Office Online, MS Office for desktop and also for mobile devices. It is at this point that we warn you – there will be a lot of attention to the finer points of this, so an impatient reader can go directly to “conclusions” at the end of the post. For everybody else, fasten your seat-belts!

Office Online

Office Online Server is quite an interesting application, not yet well known to everyone. Firstly, it allows users to reduce the number of licenses and MS Office installations. Secondly, it enables more ways to access and edit documents – in a nutshell, you only need a browser. Thirdly, it features the best suite of Microsoft collaboration tools to date. Let’s take a closer look.

Word Online

Editing of the document in Office Online can be done by multiple users at the same time, with the changes and the username corresponding to each edit appearing instantly to the other co-authors. Users can simultaneously edit the same section of text, even in one paragraph.

Excel Online

In Excel Online, changes in the cell will be displayed to the other co-authors only after an author moves to the next cell. In the meantime, this cell remains active and can be changed by multiple users.

PowerPoint Online

PowerPoint Online allows you to work simultaneously on one slide, but it is better to work on different elements, otherwise users will not see each other’s real time changes.

Office Desktop Version

Working with documents through Office Online is a pleasant experience, except when it comes to significant changes to the formatting. If you want to insert a chart, smart art, table of contents, macros, format tables, use a formula, etc. then you have to use the desktop version of the software. We could write a separate article about the difference between desktop and online functionality. Here, we will review the differences related to the co-authored work.

MS Word

In this application, it is not possible for two different people to edit the same paragraph of text simultaneously.

The changes will be visible to the other co-authors only after the author saves them and other users update the document.

Save and update is integrated into the Save icon (Ctrl + S). Available updates are displayed in an icon next to the author’s name.

MS Excel

In Excel, simultaneous editing of the same document is not possible. Two options are possible – use the online version or get in line.

MS PowerPoint

On the contrary, in PowerPoint, simultaneous co-editing is possible. Co-editors can see that someone else is working on a presentation through the “Share” panel.

Available updates are signaled by the inconspicuous “Updates Available” status. The status appears only after the author saves changes, while the changes themselves appear after a document has been updated using the Save icon (Ctrl + S).

Mobile devices

Microsoft Word App and Microsoft PowerPoint App

When working on Android, a paragraph or element on which you are working is not blocked, and two co-editors can simultaneously work with it – edits are publicly displayed a very short time later. The fact that someone else is working on the same element, can be seen in the “Share” menu.

On the iPhone, changes arrive with a message about the updates and a prompt to Apply / Cancel. It would be interesting to test more on Windows Phone with Windows 10.

Microsoft Excel App

Real time collaboration in Excel App is not supported.

Conclusions

In general, co-editing tools from Microsoft can be considered functional, although different components implement it differently. The process of co-editing is best implemented in Office Online as it represents real co-working. You can add a feature which displays the names of simultaneous co-editors of documents (moving across your screen). But, unfortunately, for full editing functionality you’d still have to resort to the desktop version of the program, which still needs a “save” button. In addition, the process of working together is not made so user-friendly (Excel suffers most, where things remain all at check-in and check-out level).

In the next post, we’ll show you how to deploy on-premise components for co-authoring and sharing within an enterprise infrastructure. SharePoint 2016 Farm, Office Online Server, the publication – that will all be discussed. Stay tuned.

An IT specialist’s work time can now be monitored with SkypeTime

An easy, flexible and transparent way to tackle the problem of time and attendance management at IT companies.

Like any other company, IT companies providing high tech services – whether software development, IT outsourcing, or remote infrastructure support – need tools to maintain adequate work discipline.

One method traditionally used is a time-and-attendance management system, which provides the employer with detailed information about who was present at their work places and when, which software was open on employees’ office computers, and employee’s web requests, including the ability to use a webcam to monitor employees’ physical presence at their computers.

This method is moderately effective for regular office workers, but it negatively affects the performance of expert teams. There are several reasons for this.

First, a high-tech company’s employees (let’s call them “experts”) do not only work at their desk and during standard work hours. They might need to do some work at night, participate in late meetings due to time zone differences with customers, or simply reach peak performance between 11pm and 4am. Accordingly, it is the actual work performed on the office computer (sometimes remotely from home) that must be estimated, not the time spent in close proximity to it.

Second, experts are usually freedom-loving individuals. Just the thought that some software program is monitoring their activities is demoralizing to innovative teams and, as a result, has a negative effect on their performance.

Third, experts have professional ambitions. The existence of software that discourages work may induce them to fight this software during work hours and at their workplace. This is hardly the effect you desire.

In our view, the best way to account for and monitor employee time is a program that meets several criteria:

  • It should be invisible to employees. Ideally, it should not be detected on employees’ computers.
  • The program should allow estimating the time employees spend accessing their work computer, based not only on when they are physically present but also when they are working remotely. Thus, the system should be able to identify the type of employee presence.
  • The program should support great flexibility in adjusting employees’ schedules. For example, it should allow for rules such as “If not present at work at 9:15 – send notice of absence without leave” or “Allow coming late no more than twice a week,” or “When working with a customer at night, allow time-off until noon or work from home.”
  • The program should ensure the required level of monitoring without encroaching on employees’ privacy (for instance, Internet traffic).
  • The program should not require significant investment in additional servers and system software.

Servilon has developed such a program and we now offer it to you. It is called SkypeTime – a time and attendance management system based on Microsoft Skype for Business.

SkypeTime is an ideal solution for IT companies where:

  • Microsoft Skype for Business is used for corporate communication;
  • Employees’ work is associated with resource intensive software and/or access to internal corporate resources, and therefore requires physical or remote access to an office computer.
  • The work day is not strictly measured by physical presence in an office but rather by the number of hours worked, and can be coordinated with senior management to allow for individual rules and exceptions.

SkypeTime discreetly monitors employees’ work without making them uncomfortable. It provides the flexibility needed to take into account the specific characteristics of the work schedule.

How SkypeTime Works?

SkypeTime collects employees’ work statistics based on changes to their Skype status (online, offline, inactive, away, in call, in call – mobile) and based on information about the device from which the status is obtained, which are recorded by the Skype for Business server. In addition, the system receives information from RDGs (Remote Desktop Gateways), and you can see whether an employee accessed a computer locally or remotely (from home or another location).

SkypeTime uses the information received to build accurate work schedule reports that include the following:

  • Start of work day;
  • Lunch breaks;
  • End of work day;
  • Total number of hours worked versus the expected number of hours;
  • Work performed from home.

All components are installed on SkypeTime servers, and Skype4B clients provide the information about presence. In other words, no additional software needs to be installed on employees’ computers. Thus, the monitoring system cannot be removed, blocked, or otherwise affected. Moreover, the system does not interfere with employees’ work, so they cannot have a negative reaction to it.

Close integration with Active Directory and Skype for Business minimizes the effort required to configure SkypeTime – users are added and removed automatically after the integration is complete.

SkypeTime features for monitoring and recording work time

Reports on employees’ work statistics

SkypeTime generates the following reports on employee work:

  • Average and maximum tardiness for a period;
  • Absence history with an indication of whether the manager’s permission had been given;
  • Periods of overtime;
  • Employees ranked by work discipline violations for a period;
  • Summary and detailed reports on daily changes in employees’ statuses;
  • Statistics on employees’ work from home;
  • Departmental summary of the work day (latecomers, absent, current requests, work time for the previous day);
  • Weekly employee summary.

Authorized managers can receive these reports both by accessing the program’s interface and through a regular email.

Work calendar management

SkypeTime allows users to set up an employee’s work calendar and indicate standard work hours for a specific department or employee. Time zones can be accounted for when setting up your work calendar, thus supporting the work of geographically distributed teams.

The system also lets you keep logs of holiday calendars, create and manage employee requests for time off, and change work schedules.

  • Employees within the same department can plan their holidays easily and avoid overlap by using a shared holiday calendar. This helps prevent key personnel on a project from taking holiday leave at the same time.

Dashboard

Both managers and employees access the system via the Dashboard – an easy-to-use interface that provides access to the following personal and group settings:

  • Create, send and approve requests for holiday, absence with leave, and other personal situations;
  • Manager or employee control over employees’ work schedules;
  • Monitor unused holidays and sick leave days;
  • Manage individual, group and system settings.

Prices and terms for installation

SkypeTime licenses start at $10 for one registered user and depend on the number of user licenses and additional services purchased. Discounts are available, if:

  • You are an IT company.
  • You order both the application and services to deploy it.
  • You purchase Microsoft Skype for Business or any other software license from us.
  • You are our client.
  • You are not our client, but you order other services from us along with SkypeTime.

Your purchase of a SkypeTime license gives you one year of free technical support and an annual subscription to all program updates, including new versions. Additionally, for one year from your purchase of SkypeTime you will receive a discount on our other services. Furthermore, when you buy more than 50 licenses you will receive a 50% discount on deployment of Skype for Business.

Contact us for a custom quote for SkypeTime with all applicable discounts.

SkypeTime features

Manager interface

The Manager Interface is a side menu containing all of the application’s functionality, as well as up-to-date information on employees in four separate sections (Latecomers, Absent, Work Time, and Requests). Detailed information is available by clicking on each section’s name.

Employee Dashboard

Employees can work more productively using web data from the Dashboard, which summarizes the information for a selected period of time, e.g. the beginning and end of a work day, planned work time per day / week, overtime, tardiness, and much more.

Employee Requests

Editing employee requests is a key feature in time and attendance management systems. Managers can approve, deny or edit employee requests.

Employee report for a specified time period

Employee summary report

To make it easier to read, the “Report by Period” is generated as a table and a Gantt chart. This makes it possible to interpret the tabular data in the chart.

This report is a Gantt chart in the form of a table showing how much time the employee spent at work and how much he or she was offline during the working day. More information is available in the “Detailed Report” tab. You can see the device the employee was working from, as well as his or her status in the system and the duration of that status.

Report by holidays

The holiday report contains a list of all employees and indicates the number of used and remaining holiday days during a year/period. The Gantt chart displays employee requests as a horizontal bar showing the number of days. By clicking on the bar, you can edit the request. By clicking on the employee’s name in the table, the request search page opens for the selected employee.

HOW TO DISABLE TELEMETRY ON WINDOWS 10

With Solitaire, Microsoft taught users how to use the mouse. Now with Windows 10 they are teaching us to read the license agreement.

After the launch of Windows 10 the internet was flooded with messages about the collection of users’ personal data followed by multiple discussions about how to tackle the issue. The user community instantly came up with a list of major servers that collect data and tried to block them via the HOSTS file. However, the OS ignores all those lines and it was revealed the list of servers was hardcoded into system files. To further complicate matters, Microsoft can always update its IP addresses through Windows Update making the whole procedure useless.

In this post, we would like to share our experience in disabling telemetry through built-in Windows Firewall. This is an alternative approach that has been proven to be effective.

The Test

To perform the procedure, we assembled a simple test:

Two laptops. One with Windows 10 connected to the internet through another laptop using internet sharing. The second laptop was acting as a NAT router with Wireshark installed allowing us to track outgoing traffic from the first machine.

The Outcome:

Yes. Windows 10 DOES collect and send your data.

The list of telemetry IP addresses almost coincides with the ones mentioned here: https://forum.unsystem.net/t/microsoft-windows-10-spy-infraestructure/561 and here forums.untangle.com/web-filter/35894-blocking-windows-10-spying-telemetry.html;

Built-in Windows Firewall allows for the blocking of data transmission to these servers.

Firewall Rules

After the acquisition of IP addresses and checking the effectiveness of blocking them, you can include them into the settings using a PowerShell script. To add a rule to the Firewall, run the following command (let’s take the watson.telemetry.microsoft.com server as an example):

netsh advfirewall firewall add rule name="telemetry_watson.telemetry.microsoft.com" dir=out action=block remoteip=65.55.252.43 enable=yes

Where:

  • name – the name of the rule and, at the same time, the name of the Microsoft server.
  • dir=out – parameter indicating that the rule only applies to the outgoing traffic.
  • action=block – network packets indicated in this rule will be blocked by Firewall.
  • remoteip – IP address of the receiver of the outgoing network packets.
  • enable=yes – indicates that the rule is being enabled at the moment.
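
Since the addresses behind these names can change, as noted above, rules pinned to an IP go stale, and re-running a list of netsh commands adds duplicate rules. The following added example (not the article's script) creates the same kind of rule idempotently and reports when a name no longer resolves to the blocked address; the three host/IP pairs are taken from the article's script, while `$RuleGroup` and the function names are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article.
$RuleGroup = 'telemetry_block'   # assumption: group label used to find and remove these rules later

# Host/IP pairs copied from the article's script; extend the table as needed.
$Targets = @(
    @{ HostName = 'vortex.data.microsoft.com';           Ip = '191.232.139.254' }
    @{ HostName = 'telecommand.telemetry.microsoft.com'; Ip = '65.55.252.92' }
    @{ HostName = 'watson.telemetry.microsoft.com';      Ip = '65.55.252.43' }
)

function Add-TelemetryBlockRule {
    param([string]$HostName, [string]$RemoteIp)
    $name = "telemetry_$HostName"
    # netsh's name= is the DisplayName here, so rules added by the netsh commands are found too.
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) { return 'exists' }
    New-NetFirewallRule -Name $name -DisplayName $name -Group $RuleGroup `
        -Direction Outbound -Action Block -RemoteAddress $RemoteIp -Enabled True | Out-Null
    return 'created'
}

function Test-TelemetryRuleDrift {
    param([string]$HostName, [string]$RemoteIp)
    # -DnsOnly skips the HOSTS file, so the answer reflects what DNS returns today.
    $current = @(Resolve-DnsName -Name $HostName -Type A -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } |
        Select-Object -ExpandProperty IPAddress)
    [pscustomobject]@{
        HostName    = $HostName
        RuleIp      = $RemoteIp
        ResolvedIps = $current -join ','
        # Stale only when the name resolves and the blocked address is not among the answers.
        Stale       = ($current.Count -gt 0 -and $current -notcontains $RemoteIp)
    }
}

foreach ($t in $Targets) {
    $state = Add-TelemetryBlockRule -HostName $t.HostName -RemoteIp $t.Ip
    $drift = Test-TelemetryRuleDrift -HostName $t.HostName -RemoteIp $t.Ip
    '{0,-40} rule {1,-8} stale: {2} (resolves to: {3})' -f $t.HostName, $state, $drift.Stale, $drift.ResolvedIps
}

# To undo everything this script created:
#   Remove-NetFirewallRule -Group $RuleGroup
```

A name served from a CDN may rotate through several addresses, so a "stale" result is a prompt to re-capture traffic as in the test above, not proof that the rule is useless.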

Eventually the script will look like this:


Set-NetFirewallProfile -all

netsh advfirewall firewall add rule name="telemetry_vortex.data.microsoft.com" dir=out action=block remoteip=191.232.139.254 enable=yes
netsh advfirewall firewall add rule name="telemetry_telecommand.telemetry.microsoft.com" dir=out action=block remoteip=65.55.252.92 enable=yes
netsh advfirewall firewall add rule name="telemetry_oca.telemetry.microsoft.com" dir=out action=block remoteip=65.55.252.63 enable=yes
netsh advfirewall firewall add rule name="telemetry_sqm.telemetry.microsoft.com" dir=out action=block remoteip=65.55.252.93 enable=yes
netsh advfirewall firewall add rule name="telemetry_watson.telemetry.microsoft.com" dir=out action=block remoteip=65.55.252.43 enable=yes
netsh advfirewall firewall add rule name="telemetry_watson2.telemetry.microsoft.com" dir=out action=block remoteip=65.52.108.29 enable=yes
netsh advfirewall firewall add rule name="telemetry_redir.metaservices.microsoft.com" dir=out action=block remoteip=194.44.4.200 enable=yes
netsh advfirewall firewall add rule name="telemetry_redir2.metaservices.microsoft.com" dir=out action=block remoteip=194.44.4.208 enable=yes
netsh advfirewall firewall add rule name="telemetry_choice.microsoft.com" dir=out action=block remoteip=157.56.91.77 enable=yes
netsh advfirewall firewall add rule name="telemetry_df.telemetry.microsoft.com" dir=out action=block remoteip=65.52.100.7 enable=yes
netsh advfirewall firewall add rule name="telemetry_reports.wes.df.telemetry.microsoft.com" dir=out action=block remoteip=65.52.100.91 enable=yes
netsh advfirewall firewall add rule name="telemetry_wes.df.telemetry.microsoft.com" dir=out action=block remoteip=65.52.100.93 enable=yes
netsh advfirewall firewall add rule name="telemetry_services.wes.df.telemetry.microsoft.com" dir=out action=block remoteip=65.52.100.92 enable=yes
netsh advfirewall firewall add rule name="telemetry_sqm.df.telemetry.microsoft.com" dir=out action=block remoteip=65.52.100.94 enable=yes
netsh advfirewall firewall add rule name="telemetry_telemetry.microsoft.com" dir=out action=block remoteip=65.52.100.9 enable=yes
netsh advfirewall firewall add rule name="telemetry_watson.ppe.telemetry.microsoft.com" dir=out action=block remoteip=65.52.100.11 enable=yes
netsh advfirewall firewall add rule name="telemetry_telemetry.appex.bing.net" dir=out action=block remoteip=168.63.108.233 enable=yes
netsh advfirewall firewall add rule name="telemetry_telemetry.urs.microsoft.com" dir=out action=block remoteip=157.56.74.250 enable=yes
netsh advfirewall firewall add rule name="telemetry_settings-sandbox.data.microsoft.com" dir=out action=block remoteip=111.221.29.177 enable=yes
netsh advfirewall firewall add rule name="telemetry_vortex-sandbox.data.microsoft.com" dir=out action=block remoteip=64.4.54.32 enable=yes
netsh advfirewall firewall add rule name="telemetry_survey.watson.microsoft.com" dir=out action=block remoteip=207.68.166.254 enable=yes
netsh advfirewall firewall add rule name="telemetry_watson.live.com" dir=out action=block remoteip=207.46.223.94 enable=yes
netsh advfirewall firewall add rule name="telemetry_watson.microsoft.com" dir=out action=block remoteip=65.55.252.71 enable=yes
netsh advfirewall firewall add rule name="telemetry_statsfe2.ws.microsoft.com" dir=out action=block remoteip=64.4.54.22 enable=yes
netsh advfirewall firewall add rule name="telemetry_corpext.msitadfs.glbdns2.microsoft.com" dir=out action=block remoteip=131.107.113.238 enable=yes
netsh advfirewall firewall add rule name="telemetry_compatexchange.cloudapp.net" dir=out action=block remoteip=23.99.10.11 enable=yes
netsh advfirewall firewall add rule name="telemetry_sls.update.microsoft.com.akadns.net" dir=out action=block remoteip=157.56.77.139 enable=yes
netsh advfirewall firewall add rule name="telemetry_fe2.update.microsoft.com.akadns.net" dir=out action=block remoteip=134.170.58.121 enable=yes
netsh advfirewall firewall add rule name="telemetry_fe23.update.microsoft.com.akadns.net" dir=out action=block remoteip=134.170.58.123 enable=yes
netsh advfirewall firewall add rule name="telemetry_fe24.update.microsoft.com.akadns.net" dir=out action=block remoteip=134.170.53.29 enable=yes
netsh advfirewall firewall add rule name="telemetry_fe25.update.microsoft.com.akadns.net" dir=out action=block remoteip=66.119.144.190 enable=yes
netsh advfirewall firewall add rule name="telemetry_fe26.update.microsoft.com.akadns.net" dir=out action=block remoteip=134.170.58.189 enable=yes
netsh advfirewall firewall add rule name="telemetry_fe27.update.microsoft.com.akadns.net" dir=out action=block remoteip=134.170.58.118 enable=yes
netsh advfirewall firewall add rule name="telemetry_fe28.update.microsoft.com.akadns.net" dir=out action=block remoteip=134.170.53.30 enable=yes
netsh advfirewall firewall add rule name="telemetry_fe29.update.microsoft.com.akadns.net" dir=out action=block remoteip=134.170.51.190 enable=yes
netsh advfirewall firewall add rule name="telemetry_diagnostics.support.microsoft.com" dir=out action=block remoteip=157.56.121.89 enable=yes
netsh advfirewall firewall add rule name="telemetry_statsfe1.ws.microsoft.com" dir=out action=block remoteip=134.170.115.60 enable=yes
netsh advfirewall firewall add rule name="telemetry_i1.services.social.microsoft.com" dir=out action=block remoteip=104.82.22.249 enable=yes
netsh advfirewall firewall add rule name="telemetry_feedback.windows.com" dir=out action=block remoteip=134.170.185.70 enable=yes
netsh advfirewall firewall add rule name="telemetry_feedback.microsoft-hohm.com" dir=out action=block remoteip=64.4.6.100 enable=yes
netsh advfirewall firewall add rule name="telemetry_feedback2.microsoft-hohm.com" dir=out action=block remoteip=65.55.39.10 enable=yes
netsh advfirewall firewall add rule name="telemetry_feedback.search.microsoft.com" dir=out action=block remoteip=157.55.129.21 enable=yes
netsh advfirewall firewall add rule name="telemetry_rad.msn.com" dir=out action=block remoteip=207.46.194.25 enable=yes
netsh advfirewall firewall add rule name="telemetry_preview.msn.com" dir=out action=block remoteip=23.102.21.4 enable=yes
netsh advfirewall firewall add rule name="telemetry_dart.l.doubleclick.net" dir=out action=block remoteip=173.194.113.220 enable=yes
netsh advfirewall firewall add rule name="telemetry_dart2.l.doubleclick.net" dir=out action=block remoteip=173.194.113.219 enable=yes
netsh advfirewall firewall add rule name="telemetry_dart3.l.doubleclick.net" dir=out action=block remoteip=216.58.209.166 enable=yes
netsh advfirewall firewall add rule name="telemetry_ads.msn.com" dir=out action=block remoteip=157.56.91.82 enable=yes
netsh advfirewall firewall add rule name="telemetry_ads2.msn.com" dir=out action=block remoteip=157.56.23.91 enable=yes
netsh advfirewall firewall add rule name="telemetry_ads3.msn.com" dir=out action=block remoteip=104.82.14.146 enable=yes
netsh advfirewall firewall add rule name="telemetry_ads6.msn.com" dir=out action=block remoteip=8.254.209.254 enable=yes
netsh advfirewall firewall add rule name="telemetry_a.ads1.msn.com" dir=out action=block remoteip=198.78.208.254 enable=yes
netsh advfirewall firewall add rule name="telemetry_a.ads1.msn.com" dir=out action=block remoteip=185.13.160.61 enable=yes
netsh advfirewall firewall add rule name="telemetry_global.msads.net.c.footprint.net" dir=out action=block remoteip=207.123.56.252 enable=yes
netsh advfirewall firewall add rule name="telemetry_ssw.live.com" dir=out action=block remoteip=207.46.101.29 enable=yes
netsh advfirewall firewall add rule name="telemetry_msnbot-65-55-108-23.search.msn.com" dir=out action=block remoteip=65.55.108.23 enable=yes
netsh advfirewall firewall add rule name="telemetry_a23-218-212-69.deploy.static.akamaitechnologies.com" dir=out action=block remoteip=23.218.212.69 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft.com" dir=out action=block remoteip=104.96.147.3 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft01.com" dir=out action=block remoteip=11.221.29.253 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft02.com" dir=out action=block remoteip=111.221.64.0-111.221.127.255 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft03.com" dir=out action=block remoteip=131.253.40.37 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft04.com" dir=out action=block remoteip=134.170.165.248 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft05.com" dir=out action=block remoteip=134.170.165.253 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft06.com" dir=out action=block remoteip=134.170.30.202 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft07.com" dir=out action=block remoteip=137.116.81.24 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft08.com" dir=out action=block remoteip=137.117.235.16 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft09.com" dir=out action=block remoteip=157.55.130.0-157.55.130.255 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft10.com" dir=out action=block remoteip=157.55.133.204 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft11.com" dir=out action=block remoteip=157.55.235.0-157.55.235.255 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft12.com" dir=out action=block remoteip=157.55.236.0-157.55.236.255 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft13.com" dir=out action=block remoteip=157.55.52.0-157.55.52.255 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft14.com" dir=out action=block remoteip=157.55.56.0-157.55.56.255 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft15.com" dir=out action=block remoteip=157.56.106.189 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft16.com" dir=out action=block remoteip=157.56.124.87 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft17.com" dir=out action=block remoteip=191.232.139.2 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft18.com" dir=out action=block remoteip=191.232.80.58 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft19.com" dir=out action=block remoteip=191.232.80.62 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft20.com" dir=out action=block remoteip=191.237.208.126 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft21.com" dir=out action=block remoteip=195.138.255.0-195.138.255.255 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft22.com" dir=out action=block remoteip=2.22.61.43 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft23.com" dir=out action=block remoteip=2.22.61.66 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft24.com" dir=out action=block remoteip=207.46.114.58 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft25.com" dir=out action=block remoteip=212.30.134.204 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft26.com" dir=out action=block remoteip=212.30.134.205 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft27.com" dir=out action=block remoteip=213.199.179.0-213.199.179.255 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft28.com" dir=out action=block remoteip=23.223.20.82 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft29.com" dir=out action=block remoteip=23.57.101.163 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft30.com" dir=out action=block remoteip=23.57.107.163 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft31.com" dir=out action=block remoteip=23.57.107.27 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft32.com" dir=out action=block remoteip=64.4.23.0-64.4.23.255 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft33.com" dir=out action=block remoteip=65.39.117.230 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft34.com" dir=out action=block remoteip=65.52.108.33 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft35.com" dir=out action=block remoteip=65.55.138.114 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft36.com" dir=out action=block remoteip=65.55.138.126 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft37.com" dir=out action=block remoteip=65.55.223.0-65.55.223.255 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft38.com" dir=out action=block remoteip=65.55.138.186 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft39.com" dir=out action=block remoteip=65.55.29.238 enable=yes
netsh advfirewall firewall add rule name="telemetry_microsoft40.com" dir=out action=block remoteip=77.67.29.176 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_1-a.ads1.msn.com" dir=out action=block remoteip=206.33.58.254 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_2-a.ads1.msn.com" dir=out action=block remoteip=8.12.207.125 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_3-a.ads1.msn.com" dir=out action=block remoteip=8.253.37.126 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_a-0002.a-msedge.net" dir=out action=block remoteip=204.79.197.201 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_a-0004.a-msedge.net" dir=out action=block remoteip=204.79.197.206 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_a-0005.a-msedge.net" dir=out action=block remoteip=204.79.197.204 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_a-0006.a-msedge.net" dir=out action=block remoteip=204.79.197.208 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_a-0007.a-msedge.net" dir=out action=block remoteip=204.79.197.209 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_a-0008.a-msedge.net" dir=out action=block remoteip=204.79.197.210 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_a-0009.a-msedge.net" dir=out action=block remoteip=204.79.197.211 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_ac3.msn.com" dir=out action=block remoteip=131.253.14.76 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_ad.doubleclick.net" dir=out action=block remoteip=172.217.20.230 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_adnexus.net" dir=out action=block remoteip=37.252.169.43 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_01.auth.nym2.appnexus.net" dir=out action=block remoteip=68.67.155.138 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_01.auth.lax1.appnexus.net" dir=out action=block remoteip=68.67.133.169 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_01.auth.ams1.appnexus.net" dir=out action=block remoteip=37.252.164.5 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_ns1.gslb.com" dir=out action=block remoteip=8.19.31.10 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_ns2.gslb.com" dir=out action=block remoteip=8.19.31.11 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_ads.msn.com" dir=out action=block remoteip=65.55.128.80 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_ads1.msn.com" dir=out action=block remoteip=192.221.106.126 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_de-1.ns.nsatc.net" dir=out action=block remoteip=198.78.208.155 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_es-1.ns.nsatc.net" dir=out action=block remoteip=8.254.34.155 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_b.ns.nsatc.net" dir=out action=block remoteip=8.254.92.155 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_nl-1.ns.nsatc.net" dir=out action=block remoteip=4.23.39.155 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_uk-1.ns.nsatc.net" dir=out action=block remoteip=8.254.119.155 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_aidps.msn.com.nsatc.net" dir=out action=block remoteip=131.253.14.121 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_ns1.a-msedge.net" dir=out action=block remoteip=204.79.197.1 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_ns2.a-msedge.net" dir=out action=block remoteip=204.79.197.2 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_ns3.a-msedge.net" dir=out action=block remoteip=131.253.21.1 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_apps.skype.com" dir=out action=block remoteip=95.100.177.217 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_az512334.vo.msecnd.net" dir=out action=block remoteip=50.63.202.65 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_bs.serving-sys.com" dir=out action=block remoteip=82.199.80.141 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_65choice.microsoft.com" dir=out action=block remoteip=65.55.128.81 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_db3aqu.atdmt.com" dir=out action=block remoteip=94.245.121.176 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_choice.microsoft.com.nsatc.net" dir=out action=block remoteip=94.245.121.177 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_c.msn.com" dir=out action=block remoteip=94.245.121.178 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_c2.msn.com" dir=out action=block remoteip=94.245.121.179 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_diagnostics.support.microsoft.com" dir=out action=block remoteip=134.170.52.151 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_fe2.update.microsoft.com.akadns.net" dir=out action=block remoteip=134.10.58.118 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_ns1.msft.net" dir=out action=block remoteip=208.84.0.53 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_ns3.msft.net" dir=out action=block remoteip=192.221.113.53 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_ns4.msft.net" dir=out action=block remoteip=208.76.45.53 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_flex.msn.com" dir=out action=block remoteip=207.46.194.8 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_g.msn.com" dir=out action=block remoteip=207.46.194.14 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_i1.services.social.microsoft.com" dir=out action=block remoteip=23.74.190.252 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_lb1.www.ms.akadns.net" dir=out action=block remoteip=65.55.57.27 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_live.rads.msn.com" dir=out action=block remoteip=40.127.139.224 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_m.adnxs.com" dir=out action=block remoteip=37.252.170.82 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_m1.adnxs.com" dir=out action=block remoteip=37.252.170.81 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_m2.adnxs.com" dir=out action=block remoteip=37.252.170.141 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_m3.adnxs.com" dir=out action=block remoteip=37.252.170.142 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_m4.adnxs.com" dir=out action=block remoteip=37.252.170.80 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_m5.adnxs.com" dir=out action=block remoteip=37.252.170.140 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_m6.adnxs.com" dir=out action=block remoteip=37.252.170.1 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_m.hotmail.com" dir=out action=block remoteip=134.170.3.199 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_msedge.net" dir=out action=block remoteip=204.79.19.197 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_msntest.serving-sys.com" dir=out action=block remoteip=2.21.246.8 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_msnbot-65-55-108-23.search.msn.com" dir=out action=block remoteip=2.21.246.10 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_redir.metaservices.microsoft.com" dir=out action=block remoteip=2.21.246.42 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_redir2.metaservices.microsoft.com" dir=out action=block remoteip=2.21.246.58 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_s0.2mdn.net" dir=out action=block remoteip=172.217.21.166 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_db5.skype.msnmessenger.msn.com.akadns.net" dir=out action=block remoteip=191.232.139.13 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_schemas.microsoft.akadns.net" dir=out action=block remoteip=65.54.226.187 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_secure.adnxs.com" dir=out action=block remoteip=37.252.163.207 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_secure1.adnxs.com" dir=out action=block remoteip=37.252.163.3 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_secure2.adnxs.com" dir=out action=block remoteip=37.252.163.244 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_secure3.adnxs.com" dir=out action=block remoteip=37.252.162.216 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_secure4.adnxs.com" dir=out action=block remoteip=37.252.163.215 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_secure5.adnxs.com" dir=out action=block remoteip=37.252.162.228 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_secure6.adnxs.com" dir=out action=block remoteip=37.252.163.106 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_secure7.adnxs.com" dir=out action=block remoteip=37.252.163.88 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_secure.flashtalking.com" dir=out action=block remoteip=95.101.244.134 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_settings-sandbox.data.microsoft.com" dir=out action=block remoteip=191.232.140.76 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_sls.update.microsoft.com.akadns.net" dir=out action=block remoteip=157.56.96.58 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_statsfe1.ws.microsoft.com" dir=out action=block remoteip=207.46.114.61 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_statsfe2.ws.microsoft.com" dir=out action=block remoteip=65.52.108.153 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_telemetry.appex.bing.net" dir=out action=block remoteip=168.61.24.141 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_telemetry.urs.microsoft.com" dir=out action=block remoteip=65.55.44.85 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_view.atdmt.com" dir=out action=block remoteip=179.60.192.10 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_www.msftncsi.com" dir=out action=block remoteip=2.21.246.26 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_www.msftncsi2.com" dir=out action=block remoteip=2.21.246.24 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_a-0003.a-msedge.net" dir=out action=block remoteip=204.79.197.203 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_cs697.wac.thetacdn.net" dir=out action=block remoteip=192.229.233.249 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_db5.settings.data.microsoft.com.akadns.net" dir=out action=block remoteip=191.232.139.253 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_co4.telecommand.telemetry.microsoft.com.akadns.net" dir=out action=block remoteip=65.55.252.190 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_oca.telemetry.microsoft.com.nsatc.net" dir=out action=block remoteip=64.4.54.153 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_telemetry.appex.search.prod.ms.akadns.net" dir=out action=block remoteip=65.52.161.64 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_t.urs.microsoft.com.nsatc.net" dir=out action=block remoteip=64.4.54.167 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_watson.microsoft.com.nsatc.net" dir=out action=block remoteip=65.52.108.154 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_statsfe2.ws.microsoft.com.nsatc.net" dir=out action=block remoteip=131.253.14.153 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_sls.update.microsoft.com.akadns.net" dir=out action=block remoteip=157.56.77.138 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_dart.l.doubleclick.net" dir=out action=block remoteip=172.217.20.134 enable=yes
netsh advfirewall firewall add rule name="telemetry_ssw.live.com.nsatc.net" dir=out action=block remoteip=207.46.7.252 enable=yes
netsh advfirewall firewall add rule name="telemetry_urs.microsoft.com.nsatc.net" dir=out action=block remoteip=192.232.139.180 enable=yes
netsh advfirewall firewall add rule name="telemetry_urs.microsoft.com.nsatc.net" dir=out action=block remoteip=157.55.233.125 enable=yes
netsh advfirewall firewall add rule name="telemetry_geo-prod.dodsp.mp.microsoft.com.nsatc.net" dir=out action=block remoteip=191.232.139.212 enable=yes
netsh advfirewall firewall add rule name="telemetry_new_c.microsoft.akadns.net" dir=out action=block remoteip=134.170.188.139 enable=yes

Running the Created Script

Rather than manually launching the PowerShell script with administrator rights, it is easier to create a .bat file and run it. UAC will then prompt for administrator approval.


@echo off

cls

echo Telemetry

echo Rules of Firewall

echo.

echo press any key to continue...

pause > NUL

echo Rules of Firewall

echo.

PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& {Start-Process PowerShell -ArgumentList '-NoProfile -ExecutionPolicy Bypass -File ""%~dp0.\script-new.ps1""' -Verb RunAs}"

echo Rules included in Firewall...

echo.

pause

Here script-new.ps1 is the name of the .ps1 file you created that contains the PowerShell commands.

Download PowerShell script

Download .bat file

After the script has run, the added rules are displayed in Windows Firewall, as shown in the screenshot below:

[Screenshot: the added rules listed in Windows Firewall]

The following information is not directly related to the firewall, but it does concern telemetry and data collection.

It is worth noting that users of Windows 7 / 8 / 8.1 received updates that extend the system's ability to collect and send telemetry data. These users can also apply the recommendations in this article or simply remove the updates.

Keylogger

Disable DiagTrack (collection of data in Windows components) and dmwappushservice (push message routing service). To do this, run the command prompt as administrator, then stop the services and set their start type to disabled:


sc stop DiagTrack

sc stop dmwappushservice

sc config DiagTrack start= disabled

sc config dmwappushservice start= disabled

Or remove them:


sc delete DiagTrack

sc delete dmwappushservice

Task Scheduler

In the Task Scheduler console (Taskschd.msc), disable the following tasks:


REM *** Task that collects data for SmartScreen in Windows ***

schtasks /Change /TN "Microsoft\Windows\AppID\SmartScreenSpecific" /Disable

REM *** Collects program telemetry information if opted-in to the Microsoft Customer Experience Improvement Program ***

schtasks /Change /TN "Microsoft\Windows\Application Experience\ProgramDataUpdater" /Disable

REM *** Collects program telemetry information if opted-in to the Microsoft Customer Experience Improvement Program ***

schtasks /Change /TN "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /Disable

REM *** Aggregates and uploads Application Telemetry information if opted-in to the Microsoft Customer Experience Improvement Program ***

schtasks /Change /TN "Microsoft\Windows\Application Experience\AitAgent" /Disable

REM *** This task collects and uploads autochk SQM data if opted-in to the Microsoft Customer Experience Improvement Program ***

schtasks /Change /TN "Microsoft\Windows\Autochk\Proxy" /Disable

REM *** If the user has consented to participate in the Windows Customer Experience Improvement Program, this job collects and sends usage data to Microsoft ***

schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /Disable

REM *** The Kernel CEIP (Customer Experience Improvement Program) task collects additional information about the system and sends this data to Microsoft. ***

REM *** If the user has not consented to participate in Windows CEIP, this task does nothing ***

schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" /Disable

REM *** The Bluetooth CEIP (Customer Experience Improvement Program) task collects Bluetooth related statistics and information about your machine and sends it to Microsoft ***

REM *** The information received is used to help improve the reliability, stability, and overall functionality of Bluetooth in Windows ***

REM *** If the user has not consented to participate in Windows CEIP, this task does not do anything.***

schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\BthSQM" /Disable

REM *** Create Object Task ***

schtasks /Change /TN "Microsoft\Windows\CloudExperienceHost\CreateObjectTask" /Disable

REM *** The Windows Disk Diagnostic reports general disk and system information to Microsoft for users participating in the Customer Experience Program ***

schtasks /Change /TN "Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" /Disable

REM *** Measures a system's performance and capabilities ***

schtasks /Change /TN "Microsoft\Windows\Maintenance\WinSAT" /Disable

REM *** Network information collector ***

schtasks /Change /TN "Microsoft\Windows\NetTrace\GatherNetworkInfo" /Disable

REM *** Initializes Family Safety monitoring and enforcement ***

schtasks /Change /TN "Microsoft\Windows\Shell\FamilySafetyMonitor" /Disable

REM *** Synchronizes the latest settings with the Family Safety website ***

schtasks /Change /TN "Microsoft\Windows\Shell\FamilySafetyRefresh" /Disable

REM *** SQM (Software Quality Management) ***

schtasks /Change /TN "Microsoft\Windows\IME\SQM data sender" /Disable

REM *** This task initiates the background task for Office Telemetry Agent, which scans and uploads usage and error information for Office solutions ***

schtasks /Change /TN "Microsoft\Office\OfficeTelemetryAgentFallBack" /Disable

REM *** This task initiates Office Telemetry Agent, which scans and uploads usage and error information for Office solutions when a user logs on to the computer ***

schtasks /Change /TN "Microsoft\Office\OfficeTelemetryAgentLogOn" /Disable

We also recommend disabling all suspicious tasks in the Task Scheduler:


REM *** Scans startup entries and raises notification to the user if there are too many startup entries ***

schtasks /Change /TN "Microsoft\Windows\Application Experience\StartupAppTask" /Disable

REM *** Protects user files from accidental loss by copying them to a backup location when the system is unattended ***

schtasks /Change /TN "Microsoft\Windows\FileHistory\File History (maintenance mode)" /Disable

REM *** This task gathers information about the Trusted Platform Module (TPM), Secure Boot, and Measured Boot ***

schtasks /Change /TN "Microsoft\Windows\PI\Sqm-Tasks" /Disable

REM *** This task analyzes the system looking for conditions that may cause high energy use ***

schtasks /Change /TN "Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem" /Disable

The above mentioned method cannot be classified as a 100% perfect solution but should be considered an alternative method to turn off telemetry in your Windows system and protect your sensitive information.
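
To confirm that the changes took effect, the following read-only check reports the state of the firewall rules, services and scheduled tasks named above. It is an added example, not part of the original article or its downloadable script; it assumes Windows 8 / 10 or later with PowerShell 3.0+ and uses the standard Get-NetFirewallRule, Get-CimInstance and Get-ScheduledTask cmdlets.

```powershell
# Added example: read-only audit of the changes described in this article.
# Assumes Windows 8 / 10 or later, PowerShell 3.0+ (NetSecurity and ScheduledTasks modules).
$report = New-Object 'System.Collections.Generic.List[object]'
function Add-Finding([string]$Area, [string]$Item, [string]$State, [bool]$Ok) {
    $report.Add([pscustomobject]@{ Area = $Area; Item = $Item; State = $State; Ok = $Ok })
}

# 1. Firewall: every rule the script adds has a name starting with "telemetry_".
$rules = @(Get-NetFirewallRule -DisplayName 'telemetry_*' -ErrorAction SilentlyContinue)
Add-Finding 'Firewall' 'telemetry_* total' "$($rules.Count) rules" ($rules.Count -gt 0)
foreach ($r in $rules) {
    $ok = ($r.Enabled -eq 'True') -and ($r.Direction -eq 'Outbound') -and ($r.Action -eq 'Block')
    if (-not $ok) {
        Add-Finding 'Firewall' $r.DisplayName "enabled=$($r.Enabled) dir=$($r.Direction) action=$($r.Action)" $false
    }
}
# netsh accepts the same rule name more than once; list such names, because a later
# "netsh advfirewall firewall delete rule name=..." matches every rule with that name.
$rules | Group-Object DisplayName | Where-Object { $_.Count -gt 1 } | ForEach-Object {
    Add-Finding 'Firewall' $_.Name "name used by $($_.Count) rules" $true
}

# 2. Services: a service that is stopped but not disabled starts again per its start mode.
foreach ($name in 'DiagTrack', 'dmwappushservice') {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
    if (-not $svc) {
        Add-Finding 'Service' $name 'not present (deleted)' $true
    } else {
        $ok = ($svc.State -eq 'Stopped') -and ($svc.StartMode -eq 'Disabled')
        Add-Finding 'Service' $name "state=$($svc.State) start=$($svc.StartMode)" $ok
    }
}

# 3. Scheduled tasks named in the article, written as they are passed to schtasks /TN.
$tasks = @(
    'Microsoft\Windows\AppID\SmartScreenSpecific'
    'Microsoft\Windows\Application Experience\ProgramDataUpdater'
    'Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser'
    'Microsoft\Windows\Application Experience\AitAgent'
    'Microsoft\Windows\Application Experience\StartupAppTask'
    'Microsoft\Windows\Autochk\Proxy'
    'Microsoft\Windows\Customer Experience Improvement Program\Consolidator'
    'Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask'
    'Microsoft\Windows\Customer Experience Improvement Program\BthSQM'
    'Microsoft\Windows\CloudExperienceHost\CreateObjectTask'
    'Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector'
    'Microsoft\Windows\Maintenance\WinSAT'
    'Microsoft\Windows\NetTrace\GatherNetworkInfo'
    'Microsoft\Windows\Shell\FamilySafetyMonitor'
    'Microsoft\Windows\Shell\FamilySafetyRefresh'
    'Microsoft\Windows\IME\SQM data sender'
    'Microsoft\Windows\FileHistory\File History (maintenance mode)'
    'Microsoft\Windows\PI\Sqm-Tasks'
    'Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem'
    'Microsoft\Office\OfficeTelemetryAgentFallBack'
    'Microsoft\Office\OfficeTelemetryAgentLogOn'
)
foreach ($tn in $tasks) {
    $cut = $tn.LastIndexOf('\')
    $folder = '\' + $tn.Substring(0, $cut + 1)   # Get-ScheduledTask expects \Folder\ form
    $t = Get-ScheduledTask -TaskPath $folder -TaskName $tn.Substring($cut + 1) -ErrorAction SilentlyContinue
    if (-not $t) { Add-Finding 'Task' $tn 'not present on this system' $true }
    else { Add-Finding 'Task' $tn "state=$($t.State)" ($t.State -eq 'Disabled') }
}

# Items that still need attention (Ok = False) sort to the top.
$report | Sort-Object Ok, Area | Format-Table -AutoSize -Wrap
```

Rows with Ok = False are the items that were not changed or have reverted, which is worth re-checking after feature updates.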

Please note that the list of IP addresses has been updated. The updated script version is available for download.
