REACH (Telegram) 3 - What are your thoughts on the global tech outage on 19 July? What can we do to better prepare for similar crises in the future?

(SK)

22 Jul 2024 (10am - 7pm)

REACH (Telegram)

REACH Singapore, [22/7/2024 10:06 AM]

Dear contributors,

Welcome back! 😊

⏰ We will be opening the chat from 10am to 7pm today. ⏰

House Rules (short version of our Terms of Use) to keep in mind:

1. Be kind and respectful. We all want to be in a safe space to share our views. 

2. Any and all threatening, abusive, vulgar or racially, religiously and ethnically objectionable content is prohibited. 

3. Consider the quiet ones among us and give them a chance to comment. 

4. No need to repeat your comment or in differnet forms (including caps) - we heard you loud and clear the first time. 

5. Let's protect each other's privacy and keep contact details in this group what it should always be - confidential. 

Full set of Terms of Use: https://www.reach.gov.sg/Participate/reach-telegram-group/REACH-Telegram-Group-Chat-Terms-of-Use/

We will strive to uphold these rules to ensure this is a safe space for all. 

Please be assured that the points made by participants during the chat are aggregated and shared with relevant agencies. 

The topic will be posted shortly. 

Thank you. 

Megan 😊

REACH Singapore, [22/7/2024 10:10 AM]

📢 Topic 📢

Preparations for crises, like the recent global tech outage on 19 July, often start in peacetime, when things are going reasonably well, said Minister for Digital Development and Information Josephine Teo.

In a Facebook post she wrote on July 21, Minister Teo said that at such times, safeguards are put in place to prevent incidents from occurring, and plans are drawn up to respond when “things go very wrong”.

💬 What are your thoughts on the global tech outage on 19 July? What can we do to better prepare for similar crises in the future?

📌 Global tech outage affected Singapore

The July 19 tech outage was related to a software update by cyber-security firm CrowdStrike. In Singapore, services at Changi Airport and Singapore Post were among companies worldwide whose operations and services were affected. 

Government services in the Republic, as well as local banks, telcos and hospitals, were not affected by the outage, said the Ministry of Digital Development and Information on July 19.

Minister Teo wrote in her Facebook post that IT systems in Singapore organisations affected by the outage are “almost fully recovered”.

“Yet the incident has left many of us feeling vulnerable and questioning our heavy reliance on technology for everyday activities,” she noted. “We should be concerned. The real question is what we can do about these concerns.”

📌 Need to fortify Singapore’s defences during peacetime

Minister Teo said fortifying Singapore’s defences starts with robust testing and putting in place safeguards to prevent such incidents from occurring. 

“Testing and red-teaming must be prioritised and conducted across multiple levels so that appropriate safeguards can be put in place,” she said.

Red-teaming typically refers to a process where a system undergoes a series of rigorous tests to find gaps in safety. It also involves planning for suitable responses when things go very wrong, such as putting in place business continuity plans (BCPs), which many organisations have. 

Such plans should be updated and practised regularly with stress tests carried out through tabletop exercises.

Minister Teo said that Singapore takes tabletop exercises seriously, citing Exercise Cyber Star, a cyber-security exercise to prepare for attacks targeting key infrastructure that keeps the nation ticking, which was last conducted by the Cyber Security Agency of Singapore in September 2023.

Additionally, agencies in charge of various sectors also run their own tabletop exercises to focus on their respective domains. 

The whole government also conducts yearly exercises, with nearly 100 government agencies having exercised their crisis management responses as a team in the past three years. Minister Teo added that the Government ensures that its technology is “up to date and resilient against outages” during each exercise.

“We practise our incident responses and BCPs, so that we know what to do and who to contact during crises,” she said. “Our people demonstrate their dedication and hone their knowledge and capabilities to respond under stress,” she said.

📌 Existing measures will not eradicate crises

Minister Teo pointed out that while Singapore had existing BCPs and tabletop exercises, they “will not eradicate crises”. 

“In fact, they exist precisely because we know that outages will happen. It is not a matter of if, but when,” she said.

“Hence, we need to do as much as we can even before incidents happen so that we can recover and prevail over the disruptions.”

👉 https://www.straitstimes.com/singapore/putting-in-place-safeguards-crisis-plans-for-tech-outages-starts-in-peacetime-josephine-teo

-----

REACH Singapore, [22/7/2024 10:59 AM]

Dear Contributors,

We want to HEAR MORE from you!

💬 What are your thoughts on the global tech outage on 19 July? What can we do to better prepare for similar crises in the future?

We have had good feedback from this group, and we hope that we can keep the discussion robust and active!

Thank you.

Megan 😊

LCL (Danny 心), [22/7/2024 12:17 PM]

1. Automatic updates of changes in the operation software without proper testing and quality assurance - is a very dangerous move - as any new updates or fixes could come with software bugs or programming errors.

2. Usually safeguards need to be in place before such updates to live system can take place.

3. Resiliency also need to be in place when live critical updates are imperative due to intelligence that a cyberattack are impending.

4. IT infrastructure also need to be design to shield critical systems from external updates without QC - eg. Intranet infrastructure for internal systems from external system - Internet infrastructure.

Will discuss this in details later - as this is a complex topic.

LCL (Danny 心), [22/7/2024 12:27 PM]

2 types of professionals can best offer solutions to this topic:-

1. IT planner and designer - specifically a IT solution architect or a IT infrastructure and system designer.

2. A IT Operation and System professional that run and manage the IT infrastructure and system.

LCL (Danny 心), [22/7/2024 12:32 PM]

Notice that:-

1. Government services 

2. Local Banks

3. Telcos 

4. Hospitals 

Are not affected by the crowdstrike software updates - show that our these CIIs (Critical Information Infrastructure) have undergo strict cyber hygiene - and hence spare from the global outage.

Jun Ming, [22/7/2024 12:51 PM]

Diversify technology brands and infrastructure is important.  Even banks airport and work computer is affected

Jun Ming, [22/7/2024 12:51 PM]

Since most laptops use Microsoft

LCL (Danny 心), [22/7/2024 12:52 PM]

Yes.

Good points.

Jun Ming, [22/7/2024 12:54 PM]

This can also increase competition between companies, as Microsoft has been taking up the big head

LCL (Danny 心), [22/7/2024 12:54 PM]

Alternative brand is Linux.

Jun Ming, [22/7/2024 12:57 PM]

Yes which I have heard off but hardly seen in the market

LCL (Danny 心), [22/7/2024 12:58 PM]

They are open source, open system.

Stella Yip, [22/7/2024 1:00 PM]

I used to be able to clear read msgs in Reach whatsapp, but now cannot do so in telegram. If anyone knows how to clear read msg in this group, please teach, thanks!

LCL (Danny 心), [22/7/2024 1:02 PM]

There's a clear history - right top hand corner.

But I haven't try because I want to keep all the chats.

Don't know what is the effect.

Stella Yip, [22/7/2024 1:04 PM]

Don't wanna clear all, just the selected ones which I have read. There are some very good comments which I would like to keep too.

LCL (Danny 心), [22/7/2024 1:04 PM]

Only solid programmers and developers will use it.

LCL (Danny 心), [22/7/2024 1:04 PM]

I think you need to highlight one chat at a time and then delete.

Stella Yip, [22/7/2024 1:05 PM]

Tried, cannot leh

LCL (Danny 心), [22/7/2024 1:06 PM]

Oh I see.

Then I don't know.

Stella Yip, [22/7/2024 1:06 PM]

I can delete selected messages in other telegram chats

LCL (Danny 心), [22/7/2024 1:06 PM]

Yes I tried in other telegram chats.

Can be done.

Stella Yip, [22/7/2024 1:07 PM]

Ya lor

LCL (Danny 心), [22/7/2024 1:07 PM]

One workaround.

Edit mode.

Then remove all text and then save.

LCL (Danny 心), [22/7/2024 1:08 PM]

I try hor.

LCL (Danny 心), [22/7/2024 1:08 PM]

I tr

LCL (Danny 心), [22/7/2024 1:08 PM]

The workaround can leh.

Stella Yip, [22/7/2024 1:12 PM]

REACH if Danny's solution is to work around, it means there is no easier way liao. Can REACH change the settings to make it easier for the rest of us who do not have Danny's smarts? Change the settings to normal PLEASE.

Dr. Goh, [22/7/2024 1:46 PM]

The pinned message is different from topic today REACH

Jun Ming, [22/7/2024 1:47 PM]

REACH skill issue

Dr. Goh, [22/7/2024 1:48 PM]

Global outage - dependence on cloud. Also the practice by Microsoft to force updates on end users and servers with no way to override. This happens during working hours which is very disruptive for many. Imagine running some dangerous experiments in a lab and the computer enforces an update - wouldn't that result in loss of control of critical equipment and potential damages?

Dr. Goh, [22/7/2024 1:49 PM]

New systems have no means of refusing updates. Some users are more cautious so they don't update unless it is tried and tested.

Jun Ming, [22/7/2024 1:52 PM]

Basically Singapore can't do much unless we create our own computer operating system. But that being said I have not much confident that sg will do so. The only thing can be done is use 30-40%mac in office and 70-60% windows

Dr. Goh, [22/7/2024 1:53 PM]

Enterprise IT departments should be given the right to overrule any push for updates. For instance, if it is a busy period for banks and airlines, IT can delay such updates. Banks don't make changes to their systems during peak periods, so Microsoft shouldn't force it on systems. 

In this case Microsoft is most definitely liable for damages caused and I would encourage litigation for compensation. Also, governments should enforce strict rules for vendors selling operating systems and related cloud services to allow customers to overrule updates at all times or be liable for all damages caused.

LCL (Danny 心), [22/7/2024 1:53 PM]

I think for a new platform, there will be some teething problem.

Let us give them sometimes to fine tune.

Also I think they will need some sort of control and cannot adopt the normal mode of communication like our normal telegram - because this is handling public feedback.

In case someone attach some malicious malware or can erase chats that they want to keep.

Let us hear from REACH their constraints.

I think we can adapt as we go along.

Jun Ming, [22/7/2024 1:54 PM]

That makes me recall a video... F**** Microsoft... Haha

Dr. Goh, [22/7/2024 1:54 PM]

Passive approach doesn't improve how things work. Maybe countries affected can work something out to put pressure on Microsoft to put a stop to certain malicious practices.

LCL (Danny 心), [22/7/2024 1:55 PM]

Yes.

Anyone can attach undesirable content in the public forum - and cause embarrassment.

Or worst attach a malicious malware, when click, download and attack all our devices and steal our bank credentials.

LCL (Danny 心), [22/7/2024 1:58 PM]

Sometimes security may come with some inconvenience.

Jun Ming, [22/7/2024 1:58 PM]

But Microsoft is like a monopoly

Jun Ming, [22/7/2024 1:59 PM]

And other systems are harder to use

REACH Singapore, [22/7/2024 2:01 PM]

📢 Topic 📢

LCL (Danny 心), [22/7/2024 2:31 PM]

Microsoft system setting:-

Turn on automatic app updates

App publishers sometimes update their apps to add new features and fix problems. Microsoft Store on Windows can automatically install app updates.

Select the Start button, then search for and select Microsoft Store.

In the Microsoft Store app, select Profile (your account photo) > Settings.

Make sure App updates is turned On.

LCL (Danny 心), [22/7/2024 2:33 PM]

Microsoft can turn on automatic software updates.

System administrators can turn this setting off - and will prevent the crowdstrike auto updates that trigger the global Microsoft outages.

Only after stress testing, them do manual update.

LCL (Danny 心), [22/7/2024 2:41 PM]

My close friend comments:-

1. For crisis similar to Friday's worldwide blue screen, the fallback is manual process. IT redundancy will duplicate current systems, upon need, failover to the redundant systems whether it be on hot or cold standby.

2. In particular to Friday's event, why were patches/upgrades rolled out stealthily without announcements and on a worldwide scale.? Has to be a mistake?!!!

3. Software companies have so many patches. Microsoft will grade them according to severity. The patching has to be done through managed processes like regular scheduled downtime. Bring up the systems steadily and let them go live again.

4. Or maybe this were done by a disgruntled staff.  May be the boss forced him to die-die complete the patch/new release and then he let the devil on the loose. (Oh just joking.....)

5. So redundancy is a  narrower way to look at this. Deep thinking on business continuity is the crux of today's topic.

6. Can't leave it to general discussions, because business owners who know their businesses will then have to think where are their costly failure points engaged relevant professional to design their BCplans.

7. Having redundant Operating System though is a good thought - Standardisation is to bring costs down. Otherwise need different sets of IT people to maintain and operate at sub optimal levels.

CK Lee, [22/7/2024 2:52 PM]

19 July 2024 global tech outrage underscores the vulnerability of digitalisation. With our existing robust BCPs and tabletop exercises, they cannot fully eradicate any form of crises in time to come. Hence educating the public & training personnel on incident response to further enhance overall preparedness and to reduce panic is the key note. The proactive measures put in place can significantly reduce the impact and enhance our ability to recover swiftly.

LCL (Danny 心), [22/7/2024 3:02 PM]

There are few perspectives we need to look at to ensure the Crowdstrike outage will not happen to Singapore CIIs (Critical Information Infrastructure) and trigger a mass chaos.

1. Public Cloud (whereby OS and Apps are own and administer by Cloud administrator) versus Private Cloud

2. Public facing Internet Infrastructure versus Internal Intranet System

3. Resiliency and Redundancy within data centre and across primary and secondary data center

4. Change Control and System update procedure (Including QA and Testing Procedure)

5. BCP (Business Continuity Plan) and Disaster Recovery Procedures

LCL (Danny 心), [22/7/2024 3:19 PM]

*I. Public Cloud (whereby OS and Apps are own and administer by Cloud administrator) versus Private Cloud*

1. With the advent of system and network virtualisation, cloud computing evolves. This has bring about many advantages, as virtual machine (VMs) replacing physical servers has replace physical footprint and greener IT due to using of less power.

In addition, VMs are easy to create, manage, and highly versatile --- hence greatly bringing down costs as well as maintenance.

2. Hence, there is a rush in the industries to move over to Public Cloud (whereby IT Infrastucture, systems, OS and Apps are own and administer by Cloud administrator) - as many Companies will outsource IT services and administration to Public Cloud providers instead of employing internal IT infrastructure and system professionals to run the organisation IT operations.

3. By doing so, Organisations lack IT skillsets to determine what will be the best practices to update the cloud infrastructure in the cloud -- as they are run and managed by the cloud providers - who usually limit their liabilities for any IT glitches.

4. Hence looking at the Crowdstrike outage, look like those in the Public Cloud are more vulnerable to the software updates outages - if public cloud providers turn on "allow auto software updates" in their Microsoft OS system.

I don't rule out private cloud or private IT system - if unwittingly turn on "auto software updates" in their Microsoft OS will face similar situation - if they subscribe to Crowdstrike security services and have internet link to Crowdstrike cloud. (I will address this perspective later on).

5. Then Government, Business, Telcos, Cloud Providers - must form a forum to address such public cloud settings to prevent such outage - e.g . Changi Airport check in system and other system that uses Microsoft.

Notice some other trading companies and local companies also impacted. 

Hence such forum could help to protect our local business - if public cloud providers can conform to good cyber hygiene practices - through discussion and mandate by the IT security forum chair by the government to protect the public cloud).

LCL (Danny 心), [22/7/2024 3:40 PM]

*2. Public facing Internet Infrastructure versus Internal Intranet System*

1. Now I will dwell into private managed - private cloud and private IT infrastructure - run and managed by internal IT department.

2. Most if not all Organisations will need 2 important functions - one, public facing IT infrastructure and web services (essentially the Internet). Two, internal system that are not public facing (Intranet).

3. Internet segment, public facing web - are usually web services that are accessible by public Internet (local and overseas) with public IP address - to do web transaction, eTransaction, eCommerce with payment system.

This Internet segment are usually segregated and protected by very strong security devices such as Firewall, IPS (Intrusion Prevention System), Proxies, APT (Advanced Persistent Threat) etc - from the Intranet segment (so that the internal intranet network and system will not be hacked or brought down by outages coming from Internet) like the Crowdstrike outage.

4. Usually, the Internet segment - should also not turn on "auto software updates" for the Public Web Servers if using Microsoft OS.

QA (Quality Assurance) and stringent stress test (usually in a QA, Test or Development Segment) - are run that emulate the live system.

Only when the tests are successful, before the public Web servers are updated with the new updates or fixes.

5. Change control form needs to be filled, signed by testers, system administrators and operation manager - before the new fixes or software updates can be updated in the live public web servers.

6. Only when the servers run successfully after a few days without hiccups, similar process are repeated for updates in the Intranet servers that run the Microsoft OS.

7. Such rigorous cyber hygiene will ensure that our CIIs - will not experience the Crowdstrike outages just like our Government services, Telcos, Banks, Hospitals.

LCL (Danny 心), [22/7/2024 4:09 PM]

*3. Resiliency and Redundancy within data centre and across primary and secondary data center*

1. Resiliency and Redudancy must be built within a primary data centre and across a (or more) secondary data centre.

2. In the event if a server in the primary data centre go down - eg. through software updates, the down server can be automatically isolated and the redundant server bring up within the primary data centre.

3. How to achieve this?

Server Load Balance (SLB) can achieve this by load balancing 2 or more VMs or physical Web servers.

Assume we have run through the rigorous test in the QA development segment, but when update into the live 1st public web server, the Microsoft OS in Public Server crash, the SLB will automatically detected the 1st Public Web server is down and not responsive to the ping or Apps dummy transaction - SLB will immediately cut off access to the 1st Public Web Server and redirect the access to the 2nd Public Web Server (which turn off auto software update).

So when external user want to access the 1st public Web server via a URL, SLB flag the 1st Public Web server as down and DNS will resolve the URL to the IP address of 2nd Public Web Server (as DNS will block the URL to IP address of 1st Public Web Server, while resolve the URL to the IP address of 2nd Public Web Server).

So, no downtime and outage for external users accessing the Public Web service - even though Crowdstrike software update crash the 1st public web server but not the 2nd public web serve.

4. In the event, there is an emergency crisis, such as a wildfire malware cyberattack worldwide - and need Microsoft OS updates immediately that spare no time to do rigorous QA test.

Then all the Microsoft OS in the Internet public segment (including the redundant servers) need to turn on "auto software updates in the primary data centre" at the same time.

When this happen, assume the software updates got bugs, and then the whole public web segment in the primary data centre will go down --- like the Crowdstrike saga do to many companies.

What should we do?

Don't worry - we still have "法宝".

5. We will have a secondary data centre (an exact replica) of primary data centre with all the Public Servers in place with "auto software updates" turn off.

How to achieve minimal downtime or even no downtime technically?

6. We will deploy what we call "3DNS" or Global Load Balancer (GLB).

GLB or 3DNS will keep DNS record of URL to IP address resolution - across data centers.

When software updates crash all the Web servers in the 1st primary data centre, the GLB or 3DNS will detect down data centre in ping or apps dummy transaction.

GLB or 3DNS will then flag the DNS resolution of URL to IP address to primary data centre is down and unavailable.

GLB and 3DNS will then redirect all public users access to the IP address of the secondary data centre through DNS resolution of URL to IP address of Public Web Server in the 2nd data centre (whereby "auto software updates" is turn off).

Hence, public users will still be able to access the web services at the secondary data centre ---- without downtime or disruption --- even though the primary data centre is completely down.

Hence Crowdstrike outage will not affect our CIIs (and IT professionals can take their time to recover and roll back the damages cause by the software update in the primary data centre.

LCL (Danny 心), [22/7/2024 4:14 PM]

*4. Change Control and System update procedure (Including QA and Testing Procedure)*

1. I have written how to achieve a rigorous change control - for system update  somewhere.

But for completeness, let me update the change control process here.

2. QA (Quality Assurance) and stringent stress test (usually in a QA, Test or Development Segment) - needed to be crafted and any changes to the IT system need to be run in this envirionment that emulate the live system before actual updates.

Only when the tests are successful, before the public Web servers are updated with the new updates or fixes.

3. Change control form needs to be filled, signed by testers, system administrators and operation manager - before the new fixes or software updates can be updated in the live public web servers.

4. Only when the servers run successfully after a few days without hiccups, similar process are repeated for updates in the Intranet servers that run the Microsoft OS.

G, [22/7/2024 4:15 PM]

So.. there is great value in having cash in circulation too. That's the most low tech cost effective solution.

G, [22/7/2024 4:17 PM]

Let's not spend more taxpayer money to engineer some sophisticated redundancy when good old cash provides it

G, [22/7/2024 4:19 PM]

If small businesses / hawkers / taxi drivers etc want to retain the cash option and not go online, let them!

LCL (Danny 心), [22/7/2024 4:19 PM]

*5. BCP (Business Continuity Plan) and Disaster Recovery Procedures*

1. For this section, I think the Government has put a superb BCP plan and DRP  in place and my close friend is also a better person than me in formulating this perspective.

2. Hence I support what the Government are doing and they have done well.

I will not elaborate on this perspective.

LCL (Danny 心), [22/7/2024 4:23 PM]

I check the meta llama 3 AI, how much is the loss resulting from crowdstrike outage,  it say easily billions of dollars on the outset.

The loss still climbing.

LCL (Danny 心), [22/7/2024 4:25 PM]

So is the monetary loss, reputation loss and even security breaches that could trigger life losses - cannot be computed versus $ spend on having a resilient and reliable IT system.

LCL (Danny 心), [22/7/2024 4:50 PM]

Basically, the QA process that guide the change control is known as ITIL.

An IT service management practices with a very well established process of change control for IT service management.

REACH Singapore, [22/7/2024 4:54 PM]

📢 Topic 📢

LCL (Danny 心), [22/7/2024 5:48 PM]

Come to think of it, when deploying and installing a system, a system and security integrator will usually do system hardening before handing it over to the IT system administrators.

And an important system hardening parameter is to turn off "auto software updates" in any type of OS platforms whether Microsoft os or Linux os.

How come those organizations that experience crowdstrike outage didn't do system hardening huh??

🤔

LCL (Danny 心), [22/7/2024 5:55 PM]

I thought this is a IT security best practices.

Dr. Goh, [22/7/2024 6:15 PM]

There are updates that Microsoft doesn't allow IT or end users to postpone or override. Happened to me many times and at times it could be a safety issue.

Dr. Goh, [22/7/2024 6:16 PM]

If companies start to organise a lawsuit against Microsoft for compensation it will compel Microsoft to remove all these overriding controls that are destructive at times.

LCL (Danny 心), [22/7/2024 6:17 PM]

Hmm...

Possible.

But still must be thoroughly tested in the QA environment before roll out.

Also need to conform to ITIL change control procedures before update.

There also must be a backup plan to roll back if update fails.

If all these processes are comply with, usually software updates are quite safe.

Dr. Goh, [22/7/2024 6:19 PM]

The alternative is to use Apple OSX, enterprise Linux, or Unix systems. Many servers actually use Linux systems to save on overheads and increase efficiency. I prefer Linux personally as you can get computations done a lot faster. Mac is rubbish in after sales support and many legacy hardware and software don't work on it. Windows has become too intrusive.

LCL (Danny 心), [22/7/2024 6:20 PM]

Usually system administrators have the full rights.

And they will restrict limited rights to users.

If cannot override, means likely the system administrator remove the rights.

Unlikely to be the Microsoft fault.

More likely the system administrator.

Dr. Goh, [22/7/2024 6:21 PM]

I doubt this is done. Seen multiple cases of updates causing serious issues.

Some may not know this but Win 11 is even more intrusive than 10, where user records are kept for analyses, so there is a huge risk of company IP being compromised and top secret data being leaked.

LCL (Danny 心), [22/7/2024 6:21 PM]

Linux similar capabilities like Microsoft.

LCL (Danny 心), [22/7/2024 6:21 PM]

Hmm...

I am not in windows 11.

Heard that it is cloud based.

Thus I can't comment.

Dr. Goh, [22/7/2024 6:22 PM]

I had admin rights to change settings and postpone updates but even so it could happen in the middle of running some pretty expensive and dangerous hardware.

Dr. Goh, [22/7/2024 6:22 PM]

MS overrides user.

LCL (Danny 心), [22/7/2024 6:23 PM]

Hmm...

If windows 11 possible.

Earlier version - system administrator have full right.

Dr. Goh, [22/7/2024 6:24 PM]

Linux is good for servers. More efficient and freedom for IT to implement controls but you need the talents to do this. In sg IT usually prefers Windows because it requires way lower skill levels. For end users they can use Windows and client software and Web interfaces to access Linux server data for services. If all else fails end users can borrow backups from IT to use Linux temporarily.

Dr. Goh, [22/7/2024 6:25 PM]

Not true though. I've spent many hours trying to override MS updates when I don't want it.

LCL (Danny 心), [22/7/2024 6:25 PM]

Well my previous environment got both - Microsoft and Linux for redundancy.

LCL (Danny 心), [22/7/2024 6:26 PM]

System administrator, I mean your company system administrator.

Users normally have limited rights

LCL (Danny 心), [22/7/2024 6:43 PM]

As a system administrator, you can override user restrictions on auto software updates in Microsoft OS using the following methods:

1. *Group Policy Editor*: Use the Group Policy Editor (gpedit.msc) to configure the "Configure Automatic Updates" policy setting. This will allow you to enable or disable automatic updates and set the update schedule.

2. *Registry Editor*: Use the Registry Editor (regedit.exe) to modify the registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU". This will allow you to enable or disable automatic updates and set the update schedule.

3. *Windows Update Settings*: Use the Windows Update Settings (settings.exe) to configure automatic updates. This will allow you to enable or disable automatic updates and set the update schedule.

4. *PowerShell*: Use PowerShell commands to configure automatic updates. For example, you can use the "Set-WindowsUpdateSettings" cmdlet to enable or disable automatic updates.

5. *Microsoft Intune*: If you are using Microsoft Intune, you can use the "Device Configuration" profile to configure automatic updates.

Note: The above methods require administrative privileges to perform.

Additionally, you can also use the "WSUS" (Windows Server Update Services) to manage and deploy updates to client computers. WSUS allows you to approve, decline, or delay updates, and also provides features like auto-approval, auto-decline, and manual approval.

Please note that overriding user restrictions on auto software updates should be done with caution and in accordance with your organization's security policies and procedures.

LCL (Danny 心), [22/7/2024 6:45 PM]

System administrator in your company can do all these to override user right to auto updates software.

LCL (Danny 心), [22/7/2024 6:45 PM]

But window 11, I don't know.

Heard is a cloud os run by Microsoft

REACH Singapore, [22/7/2024 6:45 PM]

Dear Contributors,

⏰ We will be closing the chat in 15 minutes ⏰

Thank you very much for being part of our Telegram chat and participating actively.

Goodnight!

Megan 😊

LCL (Danny 心), [22/7/2024 6:49 PM]

If windows 11 cloud based os is used, then my comments about a forum assembling government, business, Telco, cloud providers and now Microsoft need to come together - to discuss how to protect software updates.

LCL (Danny 心), [22/7/2024 6:59 PM]

Careful.

Later Microsoft sue us back.

Dr. Goh, [22/7/2024 6:59 PM]

Had access to override but somehow those settings return over time. Quite annoying.

LCL (Danny 心), [22/7/2024 7:00 PM]

Hahaha.

I think check with the system administrator.

REACH Singapore, [22/7/2024 7:00 PM]

Dear Contributors

We will be closing the chat for today.

Thank you very much for being part of our Telegram chat and participating actively.

Goodnight!

Megan 😊

====