I don’t understand why this person is using network controls to deny access to Microsoft services. There’s plenty of reason to allow Windows update to download outside of some corporate VPN (especially for remote users, why use bandwidth over the VPN?) when you control which updates are installed via WSUS.
I by no means mean any ill will to the author, and appreciate the post, but I do feel critical of the approach.
I would have to understand the why more than is apparent in this blogpost to sympathize. Especially when this configuration is for another person as mentioned at the top. Are they aware of all rules being applied? This sounds like a home environment, which to me signals that these rules would have also killed updates for personal devices, potentially leaving them vulnerable. If you truly need control over Windows Update like this, you should be using the controls exposed to you (WSUS, group policy, etc.)
If it’s a choice that the end user has made, acknowledging that domains used by Windows are being blocked by a firewall and this may cause erratic or nonfunctioning behavior for Windows I see no problem.
It is likely my own experiences and opinions, but I personally believe this is using the wrong tool for the job, using a sledgehammer to drive a screw. I’ve had to deal with things like this at my work, with firewall rules being completely invisible to end users, and it just costs money and causes frustration at something that can be completely transparent and easy to access.
Honestly it feels a little like blog posts I read titled “X software is full of bugs” and then the first line is “so I installed X on my custom Arch Linux setup…”. Sure, not ideal, but the conclusion might not quite match the playing field.
I by no means mean any ill will to the author, and appreciate the post, but I do feel critical of the approach.
I would have to understand the why more than is apparent in this blogpost to sympathize. Especially when this configuration is for another person as mentioned at the top. Are they aware of all rules being applied? This sounds like a home environment, which to me signals that these rules would have also killed updates for personal devices, potentially leaving them vulnerable. If you truly need control over Windows Update like this, you should be using the controls exposed to you (WSUS, group policy, etc.)
If it’s a choice that the end user has made, acknowledging that domains used by Windows are being blocked by a firewall and this may cause erratic or nonfunctioning behavior for Windows I see no problem.
It is likely my own experiences and opinions, but I personally believe this is using the wrong tool for the job, using a sledgehammer to drive a screw. I’ve had to deal with things like this at my work, with firewall rules being completely invisible to end users, and it just costs money and causes frustration at something that can be completely transparent and easy to access.