Turn off WiFi when connected via Ethernet cable


Okay we’ve all been there, your trusty laptop in hand in the office, only to find the Wi-Fi is down, or it’s a little shaky in that side of the building and you have to swap to a Ethernet cable to maintain a good connection.

Easy enough plug it an and away you go.. But, although Windows 10 will simply swap to the Ethernet cable to work, Wi-FI still runs chewing away at your precious laptop battery life

Luckily you can configure your laptop to turn off WiFi automatically when a Ethernet cable is connected (Note dependant on the network adapter in the laptop) and save a little more power to prolong your use

Best done before the event as always, but ensure you’re on the WIFI when you configure your laptop adapter to do this

From the System tray right click on the WiFI/Network icon and select Open Network and Sharing Centre. In the Active networks click on the wi fi connection to open the status window



Click on the Properties button to get the current settings of the adapter, under the networking tab you’ll see the following, click the Configure button to get the fill properties of the adapter


Now click on the Advanced tab, the property look for Disable Upon Wired Connect, and ensure its set/changed  to Enabled for the value


IMPORTANT Should the Disable Upon Wired Connect option not appear, it’s most probable that your network adapter doesn’t support this feature.

Finally, click OK button, and presto all sorted. From now on, whenever you connect an Ethernet cable to your laptop, Windows 10 automatically turns off the Wi-Fi saving precious battery life.


Linx10v64 Review

Late in 2016 Linx launched the Versae range of tablets in a 10inch  and larger 12inch model. But, these new systems presented as a 2-1 model, (as were the older Linx10 and 1010b m10v64boxodels), have a sharper more professional look and feel to that of the older model. Many of the websites seem to confuse this model with the 1010b, and the 10v64 and it’s a very different beast indeed.

As gone is the rubberised no slip surface on the back of the tablet, now replaced with sturdy black aluminium. The fold out or origami keyboard stand has gone, and is now supplied with a separate click connect keyboard a la Surface, and the unit having its own kick stand, mimics the classic Microsoft Surface look and feel styling overall.

If you get a hold of one of these machines from Exertis, you won’t be disappointed. Provided you know what you’re taking on, as although it has the appearance of a Surface Clone, it most certainly isn’t one. The V64 is the first clue, the system comes with limited maximum 64Gb on board storage, but does allow for some expansion by means of the micro SD card slot.  The system utilises the last of the Intel Atom processors in a quad core configuration, which gives the little machine quite a boost operationally with fast RAM, but low power use. But, the processor is also a nail in the coffin of the device, as Intel have now ceased work on the Atom processor, and is no longer being manufactured by Intel.


With Microsoft’s Edu push for the Windows 10S and cheap systems, it’s a shame the 10v64 is already ‘out of date’, as its specifications are great for a good solid base computer for Education needs. The 10v64 has the styling and look of the Surface, but the bargain price comes with a few limitations. Measuring your requirement, means you may be able to have this Linx as your mobility device and yes, it can replace your laptop (depending on your circumstances), all without burning a hole in the pocket/purse strings. It’s an ideal take to school/college device, and for a good solid mobile device for work.


The traditional blue study cardboard box contains the tablet unit, and keyboard, with a box for the power supply and USB to mini USB adaptor. The power supply is now an all in one affair, with no click assembly as did the older models. A gripe I have is that the length of the charger is that supplied to all tablets (too short), fine on the desktop power supply, but will have a struggle if you need to go to the floor for a power outlet. But, the 2in1 was not designed to be plugged in permanently, it’s a device for being on the move, so shouldn’t grumble about that point.

First hurdle you’ll  probably encounter is the Windows 0/S upgrade, as the system comes with 1511 version of Windows 10. Not that the upgrade is not smooth to 1607 or 1703 for that matter, it’s  just getting to the upgrade download that’s a bit of an obstacle. The Linx settings not to download on specific battery charge % means that you’ll have to fully charge, and alter the battery saver settings to get the ball rolling on the upgrade. Once upgraded there’s no issues with Camera, blue tooth etc. Hence the smooth transition I mentioned.

The second hurdle will be the SD expansion, remember to reboot after you insert the SD card so it’s recognised by the system. Having got over these two minor obstacles you’re up and away.

Unlike the original 8 and 10 tablets that the company launched, the Versare doesn’t come with Office 365 included (no doubt Microsoft are weaning users off the old style personal edition). Instead, on install you’ll see three blank tiles that act as shortcuts to the store, so you can download the Word, Excel and PowerPoint apps to use if you have a 365 account already. In a way, this is advantageous disk space wise, in not having to install the full Office suite. But, the Office apps are more than adequate for use on the move for word-processing and spreadsheet use, and are upgraded regularly adding extra features.


The device

Having 4GB RAM is a first for Linx, and lets the Windows 10 Home software it comes with work fine, a definite bonus for the more power hungry old tablet users that are out there, capable to multitasking around four applications with no noticeable degradation to performance.

kickstandThe 10v64 fits nicely in the sub £200 bracket, obvious hardware restrictions were used in its manufacture. For example, the front and rear built in webcams are both 2 mega pixels not exactly the best, but sufficient for video calling and taking the occasional snap if needs be. The 10″ touchscreen is 720 standard HD 1200×800, again not the highest quality, but provides a good clear quality image for the desktop use and general viewing purposes, even for long periods of time.

The tablet unit itself is a weighty affair (remember I’m used to working with the smaller 8″ tablets) not only by its increased size, but the aluminium body and kickstand that allows the tablet to be used in laptop mode, so this in my opinion is a machine for using more in laptop mode remotely, rather than tablet style wandering about, as it will become unwieldy after a time.

Under the hood beats one of the last and best Atom processors the x5-Z8300 a 64bit Quad core solid heart. You’ll  find that the Linx can work well in desktop mode and handle a moderate amount of multitasking in its stride. The battery’s no disappointment, with you getting a good 5 hours processing time out of it before the sirens start to wail J which isn’t that bad for work purposes, as you can sneak in a recharge top up easily at lunch whilst in use.

The charger has gone back to a one-piece micro usb affair, and the device does take a little time to re charge fully.


Additional ports

Another difference between the 1010 and the 10v64 is the addition of a full sized USB 3 port on the unit.

10v64 portsThere’s also the standard Linx mini USB port (with an adapter supplied) enabling two full size USB ports to be available. Which is handy for a mouse, and connecting to external storage for example. The mini HDMI port is also available, allowing the unit to output to another screen if so required.



The system comes with a click connect keyboard now, much like the Surface, with a good positive click connection. Overall the keyboard (which is obviously reduced by the 10” size) works well, and doubles as a folder over cover.

10v64keyboardThe ability to use Fn key and alternative keys marked in the classic blue colour gives you the missing additional characters, and a number pad replication. The keyboard also contains the central mouse pad. Never been a great fan of mousepads, but once you get used to the occasional quirk, (moving mouse pointer and hitting the left/right button area) this works okay too. But for heavy mouse work, I’d recommend you make use of the USB and plug in an external one, to save your sanity.




My device was recently upgrade to the 1703 Creators Edition of Windows10 and everything ran fine with the update, and not one of the “this application has been removed as it’s  no longer compatible  messages. Hardware wise you’re  stuck with the 4GB DDR3 SDRAM (which is quite nippy) and the 64gb internal. The SD card can be expanded to allow another 200gb.


In the field?

So, is this a tablet that can replace your laptop?  It certainly can for me!  Both work and home computing for me is heavily reliant on cloud, using the 10v64 was no different to me using the laptop/notebook as that’s  where much of the software I use is held. Basically, give me tablet and a fast internet connection to sail her by and I’m  fine.

10v64modelThe 4GB memory and what I can only say is best of the Atom processors it’s  a Quad core! Really work together well for locally installed applications, there’s very little lag in launching and running applications. Going through updates is much easier with SSD as I’ve found.

The screen quality is good clear with a crisp resolution and usable in bright light. With the kick stand you only get two viewing angles 40 and 80 degrees but a desk the angle is sufficient to allow the screen to be visible without too much glare from windows or overhead lights, so is fine for working at the desk, at a table or a good flat surface somewhere if you’re out and about.

The keyboard arrangement works well uses a powerful magnetic catch that connects two prongs on the top of the hinge  to a single opening on the bottom edge of the tablet screen. A small connective strip between the prongs forms the electrical connection between the keyboard and the screen. The keyboard connects and more importantly stays connected well without the need for a release clip/button, and if you need to move the keyboard folders over the screen to make a good cover.

On the whole this is a great little machine, now the alternative to my use of the 8″ tablet work working on the move. The 10v64 is well built, works well and a solid reliable device








Dynamic Lock Windows 10 1703 Version

To add that little more security when you’re away from your PC you can use Dynamic lock, a new feature from the Windows creator update. Where your device is linked to the phone via bluetooth. When you (and your phone) are out of the range down comes the door locking your PC until you return. It’s a feature that will keep the ISO security brigade happy

Pair your phone

To enable Dynamic Lock, you must pair your phone with your PC. You can skip down to the next header if you already have paired your phone to the device.

On your PC, go to Settings > Devices > Bluetooth & other devices.

Turn on Bluetooth with the toggle switch there. (Turn on your phone’s Bluetooth as well).

Next, tap the “+” button for Add Bluetooth or other device.

In the pop-up Add a device window, tap Bluetooth, then choose your device from the list that appears.

Prompts should appear on both your PC and phone. Accept them to pair.

Turn on Dynamic Lock

This is a simple switch on, so go to Settings > Accounts and then tap Sign-in options in the left panel.

Scroll to the Dynamic Lock section and check the box for Allow Windows to detect when you’re away and automatically lock the device.


Dynamic Lock what it does

The device PC/Tablet will continue unlocked while your active on the device and until you and your phone are out of Bluetooth range. It takes 30 seconds after you’re out of range for the lock to engage, so if someone hops on your machine in under that time frame the lock will not engage as the machine is active


ISO states you should regularly lock your PC when you leave your desk, then perhaps Dynamic Lock can be useful as a safety net, kicking in to lock your PC should you forget, perhaps when you run out of your office Friday close of business J


This currently on your return has to be done manually. Only if you have Windows Hello active can you use face / biometric finger print etc to unlock the device. It would be nice if when you wandered back into the range for a time that the device unlocked itself, buit I suppose tha t would be a lapse in security if someone stole your phone for example

Telework/Remote Worker considerations

Working from home or on the move being a mobile worker is on the rise. A quick google and countless pages tell of employer/employee satisfaction. Large companies and small business can all thrive from the “remote worker” but providing its done right. For, as many success stories there are, there’s also horrible  fails.

But with the advent of recent hardware/software changes telework is an easy thing to introduce for employees, its benefits for employer office space wise, and employee not facing the dreaded commute are amongst the main advantages. But, how can both maintain good productivity?

Sadly, although some employees may expect “teleworking” as a perk, the productivity can fail. Employers offering the facility working from home can start to notice “failings”. As with anything there’s good/bad practices.

As an occasional teleworker for a continental company I can see these, but good practices get rid of the failings. Bridging the space between the office and home worker is the real key important factor, provision of equipment, and availability on Skype or some other conferencing tool, is not just the answer, there’s some liability on the employee themselves, to be effective and productive working remotely.


Internet Access

Sounds a silly, subject to check but even today there are still some blind spots with internet access, slow speeds and unreliable connections. If you’re offering home/telework as an employer, ensure that the user has an adequate internet access speed to be capable of doing the work. Certain providers effectively “block” some some forms of home working by adding security to the router and disallowing VPN types, or recognise your using bandwidth for business not home purposes. Get the employee to check they’ll be able to work out of office. A simple trial connection to the office and the software the user will need over a day or two should suffice, but be prepared for changes too.

Without doubt a good solid base landline /cable connection is needed, although 4G is nice, it’s not reliable. I live near five schools, and come lunchtime try and get a 4G signal as the kids are on lunch, as the local mast gets hammered, is a lottery connection wise. Mobile data is fine, but consider the environment, you should be fine in a town or office, but not if your working in an environment, that’s like a cellar in an old stone building! Check in advance of your visit that internet connectivity is possible for you, or that there’s some alternative arrangements connection wise.

Seeing staff grumble their internet connection is down, on social media when they have no backup is not what employers or clients want to be seeing. After all your expectation is going to be what is this person doing remotely without a connection? Colleagues working for larger companies have the “luxury” of having the internet provided for them by the employer, its not always the case and internet connectivity by the home worker is the top priority, you should not want to hear that “my connections dodgy today” from end users..

Also the watch out for the café culture  free wifi is handy, but firstly sending data over an unsecure connection (more on this later) is a bad idea. Also, be aware of your environment, do you really want a skype call from the local burger joint, where kids are screaming in the background, and the shouts of the bar / café staff? Think how this would look professionally.



Remote workers benefit pure and simple from VPN, not only does it offer a secure encrypted connection (getting around the internet access from free wifi we mentioned earlier). It allows access to the corporate/company domain facailities remotely.

Yes the employee has their company issued machine at home, or may even use their own if you allow BYOD, but do you really want your data saved on a remote machine? Simple answer NO, it should be stored on the corporate network. Or, at least somewhere accessible to the company such as cloud or local domain storage, in the even of loss/thief or accidental damage to the device.

Ok, you can protect a device with for example bitlocker, so if the device gets lost, stolen the information is unusable, but it’s still lost! If stored locally on the device hard drive. Encourage use of cloud storage and saving to the domain, its fine to have a local copy but lose the device, drop and damage it and you’re up the creek without the proverbial just keeping things local.



For the BYOD brigade use RDS or remote apps, even let the employee remote into a desktop device on the office for security sake. IT should basically not allow external devices onto the network, unless they’ve been checked. Maintaining domain access via a networking method is a good way of avoiding risks, as the network defences are the same both internally and externally for users.

The moment someone has a different machine the toll of IT support starts to rise with the can I have this installed, product X doesn’t work the same when I’m at home. Provision of a familiar environment always sounds like your clamping down on the end user, and to a degree you are. Otherwise, ensure that the end user has some base IT knowledge so they can map to drives they have permission or access  to. They don’t need to be a  Bill Gates of knowledge, work on the car principle as I call it. You need to have knowledge of changing the oil, water and wiper blades to maintain its running, but when something goes wrong, the user has to be able to tell you where the knocking sound is coming from at least, so the mechanic can know where to look at resolve the issue quickly.

Sadly too many remote workers have a lack of Basic IT skills, ensure that you offer training or assess their capabilities, before you let them work remotely. Again this avoids end user frustration not being able to complete tasks, and a whole lot of time for your ICT staff.



Keeping the remote user on the same phone network eases having to remember mobile numbers, enables you to transfer calls, so you or other clients don’t have to ring or give out alternative home/mobile numbers of remote workers to contact. Remember VOIP will run on phone and device , so the teleworker when away from the device can still be contactable. Voip generally uses less bandwidth as does teleconferencing, if your office uses it, the remote work can simply join in on conference calls as they would frm their own desk.

Again the remote worker should consider their environment, if making a business call listening to “little Martin” screaming in the background, or being on the receiving end of remote workers taste in streamed music is a no no.



This is classed as one of major tools of tele/remote work, but in honesty it’s a blessing and a curse. Some folk simply don’t use Skype correctly, and as such is a constant source of distraction, with the bleep/bloop ring tone breaking the users concentration from their task.

Software has safety features, such as informing others your available, busy etc. Use them, don’t ignore them. Being in contact and knowing what remote workers are doing is essential, the manager should know that they are busy finalising an urgent  report, and therefore keep other minor interruptions clear of the worker.

As with any two edge sword, they should also wonder why the remote worker isn’t available when they’ve or clients have tried to contact them too.

If you’re going to conference with clients, don’t do it from the local burger emporium, or the living room with the tv/radio on.  It sets a very unprofessional presence, if you’re working from home, ideally have a home office, or at least a real quiet corner so you can focus on the call.


Collaboration software

Really that’s up to what the user and the company needs. Office 365 is a real boon, with the ability to share work, pick up others work and continue. You’re not bound to the device, and can pick up and work on the bus, from home, hotel etc.

Ensure remote users know how to work with a shared file system, again a number of times there’s been “I can’t edit the spreadsheet, as Fred’s in it” I’ve had to fend off, purely because users left files open and did another task, or the internet connections dropped leaving the file lock marker and IT wasn’t notified.

At the end of the day the worker is remote NOT ISOLATED they should report problems to IT and be able to contribute in their solution.

Remoting the remote worker for “repairs” to issues is easy Windows10 has facilities built in, or other products such as TeamViewer make ICT ‘s job of being their easier. Make sure you facilitate for such events. A remote worker without that the facility to work remotely is a waste of time effort and money.

Cloud provisioning

All of the above fits nicely into cloud, VPN to the corporate domain servers ensures access and security of information, working hand in hand with the collaboration  and ability to share work. DaaS accessibility to workers etc.

Onedrive/Drop box all allow the saving of information securely and remotely allowing other access if required. Cloud is something that should be explored not ignored for true remote working.




To Sleep, perchance to Hibernate or Shutdown ?

With the wide collection of new Windows mobile computing devices such as tablets and 2 in 1’s the question to Sleep, Hibernate or shut down a machine has become more of a grey area. Is there a right or wrong way?
Well No basically, it really does depend on what and, believe it or not, where/how you use the computer, as users utilising sleep often encounter issues caused by how they use the machine and in what environment.

As the computer that can be used anywhere brings in further problems which users may not even consider, how many users, do the following close the laptop lid, slide the laptop into their case and dash off after meetings. Or, at home leave the laptop on the couch/settee cushion when they work, or lay on the floor carpet.

Basically, blocking the air vents on devices with small footprints that rely on circulation to keep cool, is a bad idea and can lead to hardware problems. Try using a tablet after streaming a movie, and you’ll notice it gets warmer to hold. It really does depend on what you’re doing. Light use such as email, browsing hardly uses any power, so you don’t get heating problem as the processor isn’t breaking a sweat, so closing the lid is less of a worry.
Any way the rules of thumb I’d recommend, aren’t just for battery/power saving but also take into consideration the actual components in your machine.

The option to use if you’re away from the machine for a short period of time, and want the device to start up quickly when you return or get to the next location in a short time. As all power except to RAM is effectively disconnected. The system has basically remembered what it was doing, so it can recall that state instantly on power up.
Problem is, leave it for a long time or during lower battery and you have the risk of RAM fail and possible corruption of memory, with the system not waking correctly and having to do a reboot.

The big sleep, the entire state of your computer is saved to disk basically, so when you wake the machine from this state it takes a while longer than sleep as the saved file contents are read back to reinitialise the machine from the state prior to hibernating. So you can you this for long periods, as power save is more effective than napping/sleeping the system
Issue you have here is inexperienced users panic in the time it takes to wake, and start hitting power buttons keys, which can interrupt the reinitialise and therefore they start thinking it broken, when it doesn’t restart instantly.

Power off
For me the better option, yes it takes longer to start the machine in comparison, if it’s taking ages, I’d recommend reviewing the apps you have is start up, are they all necessary?
Why is it better? Re starting the machine, gives you clean disk caches, reloads the registry, and clean RAM, so everything is ready to go with a clean slate. The start clean ensures no memory resident stuff left from apps that you may have run still hogging memory from sleep/hibernate is cluttering, or even more dangerously still holding in memory resident possible threat (malware for example)

Lots of users have ‘bad habits’ my heart sinks when I see folk wandering around the office with an open laptop balance precariously in one hand, mug of tea in the other, knowing that another possible “repair” is coming my way. The above functions work, use them in the correct fashion and you’ll be able to come back to, or transit a machine without a problem. Also note that the battery life is a recommendation not a guarantee when using them 🙂

What is Private Cloud?

Private cloud differs from “public” cloud in that it’s design is to provide access only to ‘authorized’ users.  It still delivers the flexibility and scalability of cloud architecture but in a more secure manner. Private Cloud is the usual choice of business to deliver a more reassured secure method of Cloud deployment.

Private cloud can be delivered in two main ways:-

Externally hosted – provisioned from a cloud service provider by means of an accessible virtualized storage server(s), off the network domain.
Internal Provisioning – Deployed virtualized server within the organizations domain network, delivered via HyperV, Oracle’s Virtual Box

Either method deployed delivers a service that end users generally access it through web based panels and local applications access it through API integration. The large difference is that there is some form of additional security so that the server service is not directly accessible to all and sundry via the internet.

For external hosting a dedicated line via encrypted VPN or SSL connects the cluster(s) to the client network. There is no direct method of accessing the private cloud over the internet without the additional security level of the connection.

Internal provisioning relies on the domain link network, and the virtualized server is access via internal IP address or machine reference. End users access can be limited from access via the virtualized server OS security (validating users)

Domain vs Local (The tale of the home/remote user)

There are several releases of Windows but all have a Home version and a Pro(fessional) version. The overall concept is a Pro version has more features to make the computer easier to use in a business/enterprise environment, while the home version has the basic core features providing an operating system that works fine for the individual.

The Home version although cheaper, does not come with the domain features built in, which is underlying problem from a remote user and IT person’s viewpoint. Extra work has to be done to allow the user access to the company network facilities (more rightly the domain).

Unless you have a grasp of the concepts between local and domain user, things can start to get confusing for the user, not only remembering different passwords and becomes a security nightmare for IT and so on.  I could cut this article down by ending it here, saying only purchase Pro versions, but going against “golden rules” it is possible to use local computing within a domain. PROVIDED THE USER AND YOU KNOW THE CONSEQUENCES.


The perfect scenario

The company domain requires that the person accessing the domain is recognised. This is done by the bouncer of the domain the domain controller, quite simply if your name is not on the list, you’re not coming in. The user is listed on that domain controller and provided a password, which they can use to get by the bouncer.

The domain controller also has other skills which soften its role to the wedding usher, in that once you’re in it will control (to a degree) where you are allowed to sit in the congregation. Or, more correctly what can and cannot have access to (note there are other factors that can govern this).

Generically there are two base types of domain users:-

Domain admin: These logins are the security pass of the domain, when you log in you have control and the ability to change settings within the domain, this can be to allow access privileges, add devices etc.etc. It makes sense you don’t give domain admin access to lots of folks, simply because they could go around changing settings, without immediately letting other users what they’ve done. It’s an access level that should be held by trusted competent staff.

Domain user: This user is a worker, and therefore has to be given the right tools for the job. The concept being is that they are wrapped in cotton wool to degree, given the access to what they need to complete the task. For example, a production user doesn’t need management or finance information, so they can’t access that information. While a management user may need access to finance to check budgets, so they must cross over into other territory. This can be done easily under a domain.

Control over the domain user allows that user to safely wander about the company network and never into an area they are not supposed to be in. Should they need access to a restricted area it can be requested and provided by the domain admin. This ensure the smooth and safe running of the network domain overall.




The home user ‘threat’.

Although a home version of windows doesn’t come with domain features as standard, it does not prevent that machine from being used on a domain.

And here’s the first disadvantage: The journey through the domain is not a smooth one, unlike a domain account they won’t be presented with the drives that they can access, instead they will have to reference them, and then provide their domain identity, to “prove” they can access.

But certain features will still be unavailable, such as network printers, as they never checked in but sneaked around the DC it never gave them full domain access via policy. The immediate good news security wise is the DC is still the governor and won’t let them wander where they’re not supposed to, provided that their access isn’t domain admin.

And that’s where the problems start users get frustrated and have to start remembering that the document drive P: for example, is actually a directory share off a domain device and is referenced something like


Although it’s not rocket science, users won’t care that the document drive is really called 192.168.xxx.xxx\finance_documents they just want to access P: drive. Yes, you can create a shortcuts to make it easy to remember, but IT have to provide the name if it’s not known by the user, the link only works when you user is connected to the domain via the company Wi-Fi or remotely by VPN.

The real issue is….

I used the word “threat” in the previous section, at most so far things are a minor irritation to IT and user. But here’s the serious stuff.

When the local machine is set up it’s configured with a local administrator access, and rightly so, as you must install the OS and any applications that you use locally, and here starts the problem.

Unwittingly, let’s say that the user requires a program they need to use (it may well be for business purposes) being a local admin they can download for example adobe pdf reader, but instead of going to the official site, they take one of the many other links that are available, yes the download the application, but they also risk inheriting a load of malware/virus extra’s that they’ve gladly given their permission to as administrator.

AV is not a bullet proof jacket, it can stop most but not all things, and the user allowing things thro as administrator of their own machine as just opened the door to unwelcome quests on their own machine.

Which as we’ve just explained can hop onto the domain, opens up P: drive on the network and your local malware/virus has a whole new section of the menu to start considering to gorge on.

Yes, the domain will have AV, but you’ve forced your way into the domain you’ve possibly sneaked past the protection, and now are running the risk of infecting others, simply by saving files back to the network drives. IT IS THIS THAT IS THE REAL ISSUE


Should local machines be allowed?

The scenario above is not limited to enterprise, it’s a serious threat to your company network and others is if you’re a remote user. Although without shadow of a doubt the answer is YES don’t use home versions within a company it’s a sledgehammer to crack a nut solution.

I would put forward that you can safely use home versions within a company, BUT (it’s a big but) you educate and enforce users, it should not be an option to all, and it will create extra work for IT in maintaining such users but here’s the general rules.

Always use a strong AV and scan for infections

Goes without saying, ideally with any BYOD it should be checked by the company IT first to ensure is clean and safe enough to use for company business.

UAC a work account

If you have a local machine, that you need to use for work DON’T USE THE ADMINISTRATOR account. But create a second user account on that machine. Stop and think about what you need for that account and ensure that its loaded/configured by qualified staff, if you’re uncertain ask.

Never store passwords

Two good reasons for this, first one being loss of the machine, or leaving the system accessible, risks others being able to access domain features. The next reason is cached credentials; your local version will remember your domain password. A good network forces users to change the password periodically, so a time will come when you suddenly click on a mapped share you created and you’re asked for your password, you type it in and you’re not allowed access as the domain knows you need to change your password, but your local copy has the old one stored.

‘Fun’ begins and I use the word in inverted commas, as the user doesn’t know what’s going on and IT now have to start unlocking your domain login as the attempted entry with wrong password has locked you out. ! The problem magnifies itself if users start using phones to access email on another device that constantly checks the passwords

The problem can be rectified switching off other devices firstly and with clearing cached credentials on the local machine, so start googling and learning how to do that!


Safest option is to use the local machine as a simple terminal for office work, don’t use the machine at all for directly working on, but remote desktop to, or call on a remote desktop service to provide you with a domain registered system. There are advantages to this in that a cheap machine can be used as a terminal (so there’s hardware cost savings) which can access a more powerful desktop

Everything is done on the remote machine (be it physical/virtual) and is covered by the network protection. In the case of RDS the VM’s they can be destroyed after their use, so the possible risk of infecting the word macro on that machine is eliminated as its never saved for another user to make use of (again not a bullet proof jacket but a definite extra layer of protection