Remote Access to Win Server based on ip and username


Recommended Posts

Hello Guys,

 

I have a VPS Server running Windows Server 2008 R2 Standard. I access it using Remote Desktop Connection. I have admin rights so I can login and do my stuff. I wanted to give restricted access to 1 more guy so I created his normal user account and configured it so that he can also access it.

 

But I wanted that his access is restricted by IP address so he can only access from work. To do this I configured the firewall so that connections only from specific IP is allowed. Though it worked, it is applied for everyone which means even if I try to access it from some other IP I can't. How can I restrict login via specific ip this for only his account ?

 

I would be glad if anyone can help me.

 

Thank you,

 

Jack

"How can I restrict login via specific ip this for only his account ?"

On the firewall you don't - you need to setup your firewall rule to allow both your IP and his IP.

I didn't understand what you guys are trying to say. If I configure RDC rule in firewall and specify IP address then it accepts login from only that ip. Though it does the job but the problem is 1. my ip is not static 2. it applies to all accounts (and I want his only).

Remote programs like Teamviewer or VNC does not work properly in Windows Server. As long as the RDC window is open it will work and the moment that window is minimized or closed teamviewer stop working. Whats the point of teamviewer when I can anyways see the desktop through RDC.

Does not work properly on server...that is interesting because I use programs like them all the time to remotely connect to servers to administrate them. What is this "does not work properly" you are referring to?

Very specifically I manage over 500 servers with logmein.

"1. my ip is not static 2. it applies to all accounts (and I want his only)."

How would other accounts becoming from his IP? And even if they did, they would still need his account info to login? So confused as to how 2 is an issue?

As to 1, but his is? Where are you coming from - yeah not having a static IP can be an issue with trying to create firewall rules that limit by IP ;)

as to

"Remote programs like Teamviewer or VNC does not work properly in Windows Server"

Your confused for sure - both teamviewer and vnc work just fine on all flavors of windows.

http://www.teamviewer.com/en/help/38-Which-operating-systems-are-supported.aspx

Which operating systems are supported?

TeamViewer 9 is available for the following operating systems:

Windows

Windows Millennium Edition / NT(Service Pack 6a, at least IE 5.5) / 98 *

Windows 8 / 7 / Vista / XP

Windows Server 2012 / 2008R2 / 2008 / 2003

Windows Home Server / Home Server 2011

http://www.realvnc.com/products/vnc/tech-specs/

Supported platforms

Windows

x86 and x64 architectures supported, where available:

8.x

7

Vista

XP

2000

Server 2012

Server 2008 R2

Server 2008

Server 2003

NT 4 (SP6a)

Thank for your help. I think there is some confusion and I will clear it.

 

1) I have admin access and the other person is a standard user. I wanted him to access the VPS server from work only. But the problem is at my workplace the IP is dynamic so restricting access on the basis of ip isn't possible. Plus if I create a firewall rule and restrict by ip it applies to all accounts in that server. (please note that the vps server is located somewhere in the planet and not at my workplace)

 

2) When I said teamviewer does not work properly I meant that teamviewer in server works only if the RDC connection is open. This is a problem because why would I need teamviewer if RDC is open, I might very well use the RDC. If RDC closes teamviewer doesn't work and this destroys the very purpose itself.

 

I hope this helped.

"I meant that teamviewer in server works only if the RDC connection is open."

What??? Nonsense, Teamviewer or logmein or vnc have nothing to do with remote desktop being available or not. Nothing!

"But the problem is at my workplace the IP is dynamic"

So his public IP is dynamic? I find this unlikely to be honest.. At most what a pool of a couple of public IPs, so limit it to the public IPs of your work. This is server at some host somewhere on the planet right not your work network.

Now I agree we don't want anyone from the internet to be able to access port 3389 and maybe guess a username or password to login. So you create a firewall rule that only allows the public IP address of your work, lets call it 1.2.3.4 for example.

Now only someone from work can access your VPS via remote desktop. That your place of work allows 3389 outbound to the public internet is an issue for another discussion ;) Who at work would have his user name and password, are you worried about someone at work knowing your VPS ip address, and username and password to access remote desktop?

Lets say work owns 1.2.3.0/24 and you don't really know what IP address he might come from - it could be 1.2.3.1 or 1.2.3.254 or anything between. So just allow 1.2.3.0/24 Your still blocking 99.9999999999999999999999% of the rest of the internet.

So I wold take it you can connect from this place of work as well, so that firewall rule covers both of you. Now guess you want to able to access it from Home as well, right - so create a rule that allows your home IP as well. Do you want to access it from your local starbucks, then go to your local starbucks and look to see what their public IP is via something like whatsmyip.org and set a rule to allow access from there.

Just because home users get their IPs via dhcp from their isp does not mean they change hourly.. I have had the same IP address for year something. And I can tell you for example that the public Ip address at starbucks is not going to change very often.

As to what sc302 is saying, is allow vpn connection from ANY IP.. This is going to be a secure connection requiring more than just username and IP.. I would suggest say openvpn with TLS auth, so user has to have KEY to access your server..

edit: So here is me connected to a windows server os 2k8r2, it has remote desktop disabled.. See where I point that out in the screenshot via my teamviewer connection to it ;)

post-14624-0-39754700-1384137328.png

  On 11/11/2013 at 02:22, BudMan said:

"I meant that teamviewer in server works only if the RDC connection is open."

What??? Nonsense, Teamviewer or logmein or vnc have nothing to do with remote desktop being available or not. Nothing!

"But the problem is at my workplace the IP is dynamic"

So his public IP is dynamic? I find this unlikely to be honest.. At most what a pool of a couple of public IPs, so limit it to the public IPs of your work. This is server at some host somewhere on the planet right not your work network.

Now I agree we don't want anyone from the internet to be able to access port 3389 and maybe guess a username or password to login. So you create a firewall rule that only allows the public IP address of your work, lets call it 1.2.3.4 for example.

Now only someone from work can access your VPS via remote desktop. That your place of work allows 3389 outbound to the public internet is an issue for another discussion ;) Who at work would have his user name and password, are you worried about someone at work knowing your VPS ip address, and username and password to access remote desktop?

Lets say work owns 1.2.3.0/24 and you don't really know what IP address he might come from - it could be 1.2.3.1 or 1.2.3.254 or anything between. So just allow 1.2.3.0/24 Your still blocking 99.9999999999999999999999% of the rest of the internet.

So I wold take it you can connect from this place of work as well, so that firewall rule covers both of you. Now guess you want to able to access it from Home as well, right - so create a rule that allows your home IP as well. Do you want to access it from your local starbucks, then go to your local starbucks and look to see what their public IP is via something like whatsmyip.org and set a rule to allow access from there.

Just because home users get their IPs via dhcp from their isp does not mean they change hourly.. I have had the same IP address for year something. And I can tell you for example that the public Ip address at starbucks is not going to change very often.

As to what sc302 is saying, is allow vpn connection from ANY IP.. This is going to be a secure connection requiring more than just username and IP.. I would suggest say openvpn with TLS auth, so user has to have KEY to access your server..

edit: So here is me connected to a windows server os 2k8r2, it has remote desktop disabled.. See where I point that out in the screenshot via my teamviewer connection to it ;)

attachicon.gifteamviewer.png

 

Thanks buddy for your inputs. Lets solve this one topic at a time:

 

1) Team Viewer

I don't know how teamviewer worked in your server but read below a mail I got from teamviewer when I told them that I am unable to connect if RDC is off.

------------------------------

Pasting email contents

------------------------------

Dear Sir,

Thank you for your reply.

Basically if there is no active RDC connection to a user profile then there will no active desktop generated for TeamViewer to connect to. Hence in regards to "How to use teamviewer if my RDC window is not connected/closed." this is not possible to due to software limitations.

Also please excuse my colleagues statement as it may be misleading for your scenario. TeamViewer does not replace RDC connections, it only enhances it (more functionality plus allows multiple users to see the same screen).

If you have any further questions or require further information, please do not hesitate to contact us.

P.S.: TeamViewer 9 is ready - Secure your introductory discount now!

www.teamviewer.com/version9

Best Regards,

William Luu

-Support Technician-

------------------------------

TeamViewer Pty Ltd * www.teamviewer.com

 

--------------------------------------------------------------

 

2) So his public IP is dynamic? I find this unlikely to be honest. <----- come on, do you think I am making this up.

 

3) I did understand your login behind the IP thing.

 

a) i am not worried that someone else from work will access it using his username or password (it wont happen)

b) all I want is for him not to access the RDC from any other location (except work)

c) the ip at work is dynamic so it changes frequently (i.e. maybe one a day or once in few days or if router is restarted)

d) I dont know how your dynamic ip didnt change for months or an year but here it changes within days if not earlier.

e) I cannot restrict by public ip as it changes (mentioned above) plus it applies to all accounts. The last thing I want is that i myself cannot login.

f) Same case for my home as its ip is also dynamic.

g) Because the ip changes completely I cannot form a pool or state from 1-10.

 

I hope this helped.

No none of it helps because all your stating is gibberish nonsense.

What did you email them when you got that email back for starters? No **** you can not teamview to profile that is not active. If you wanted to support someone. If teamviewer is running as s service or you are consoled in when running it then you can teamviewer to it. But no you would not be able to teamviewer in if the software is not running.

This was your question?

"How to use teamviewer if my RDC window is not connected/closed." What was the rest of it? No you would not be able to teamviewer in and help someone that only has remote desktop access to something.. etc.. Since how would they run tv, etc. Which has NOTHING to do if tv is installed as a service on the machine.

So where is the question you asked them in detail?

2) Yeah I do!! Lets say they reboot the router daily, lets say that isp changes the IP address on purpose.. Your still going to be inside a network block of a.b.c.0/mask so there will be a range of ips, be it 254, be it 2k be it 4k, etc. That you will fall into.. So lock it down to this and your done.. This person can only access the remote desktop from that location or if he vpns into that location, or for some crazy reason he lives in the area and has the same ISP.

But a place of business would normally have a static anyway, other than small ma and pop shops with home internet type connections. So I take it this is a ma and pop shop?

b) if you limit the ip range to who can access he wont.

c) makes no matter to the solution allow the netblock as already went over in great detail!

d) Because of how dhcp works, there is a lease time.. You get the IP address for a specific amount of time. Even if you shut off your device that lease is still yours until it expires. Only once the lease has expired does the IP address go back into a pool for reissue. So even if off for length of time, that IP address is still under lease and you will get it back when you comeback online. These leases are normally for hours if not days.

post-14624-0-74481400-1384262663.png

So there is my lease from my router.. Notice the time of the lease 345600 seconds = 4 Days.. So I could turn off my router and would have somewhere short of 4 days before my IP address would be returned. Since you renew it at the 50% would have min of 2 days on the clock. This is how you keep the same address even if dynamic.. You keep renewing it if on, and even if off you need to be off for longer than the lease to loose the Ip address you had. Work you would think would be on 24/7/365 --- keep in mind not talking about your local rfc1918 address that your work dhcp hands out, since this has nothing to do with anything your talking about.

e) already answered in great detail as well - use a netblock

f) Again netblock!!! What do you not understand about a range of addresses? An ISP can only hand you an address they own, so its going to be a very small range.. If you see in the above lease.

option subnet-mask 255.255.248.0;

so /21 or 2046 addresses.. How is that not good enough restriction??

g) more gibberish!

edit: Here you go - look accessing via tv, remote desktop not running. Can access whatever profile I want, etc. So your problem with what tv sent you was how you asked the question. Because clearly I am remoted to this machine, can login to whatever profile would be available on the machine and remote desktop is not running - look no 3389 port even listening

post-14624-0-13956100-1384265166.png

post-14624-0-89127600-1384265171.png

post-14624-0-64098800-1384265174.png

So here I now see it on my computers TV interface of machines I can connect too.

post-14624-0-02124600-1384265178.png

Here is the windows login screen where I could pick what account I want to access.

post-14624-0-19902400-1384265182.png

Here is me connected via tv, when clearly remote desktop is not running on this machine!

post-14624-0-17838100-1384265184.png

So how is that remote desktop has to be running for TV to work??

  On 12/11/2013 at 13:31, BudMan said:

No none of it helps because all your stating is gibberish nonsense.

What did you email them when you got that email back for starters? No **** you can not teamview to profile that is not active. If you wanted to support someone. If teamviewer is running as s service or you are consoled in when running it then you can teamviewer to it. But no you would not be able to teamviewer in if the software is not running.

This was your question?

"How to use teamviewer if my RDC window is not connected/closed." What was the rest of it? No you would not be able to teamviewer in and help someone that only has remote desktop access to something.. etc.. Since how would they run tv, etc. Which has NOTHING to do if tv is installed as a service on the machine.

So where is the question you asked them in detail?

2) Yeah I do!! Lets say they reboot the router daily, lets say that isp changes the IP address on purpose.. Your still going to be inside a network block of a.b.c.0/mask so there will be a range of ips, be it 254, be it 2k be it 4k, etc. That you will fall into.. So lock it down to this and your done.. This person can only access the remote desktop from that location or if he vpns into that location, or for some crazy reason he lives in the area and has the same ISP.

But a place of business would normally have a static anyway, other than small ma and pop shops with home internet type connections. So I take it this is a ma and pop shop?

b) if you limit the ip range to who can access he wont.

c) makes no matter to the solution allow the netblock as already went over in great detail!

d) Because of how dhcp works, there is a lease time.. You get the IP address for a specific amount of time. Even if you shut off your device that lease is still yours until it expires. Only once the lease has expired does the IP address go back into a pool for reissue. So even if off for length of time, that IP address is still under lease and you will get it back when you comeback online. These leases are normally for hours if not days.

attachicon.gifleasetime.png

So there is my lease from my router.. Notice the time of the lease 345600 seconds = 4 Days.. So I could turn off my router and would have somewhere short of 4 days before my IP address would be returned. Since you renew it at the 50% would have min of 2 days on the clock. This is how you keep the same address even if dynamic.. You keep renewing it if on, and even if off you need to be off for longer than the lease to loose the Ip address you had. Work you would think would be on 24/7/365 --- keep in mind not talking about your local rfc1918 address that your work dhcp hands out, since this has nothing to do with anything your talking about.

e) already answered in great detail as well - use a netblock

f) Again netblock!!! What do you not understand about a range of addresses? An ISP can only hand you an address they own, so its going to be a very small range.. If you see in the above lease.

option subnet-mask 255.255.248.0;

so /21 or 2046 addresses.. How is that not good enough restriction??

g) more gibberish!

edit: Here you go - look accessing via tv, remote desktop not running. Can access whatever profile I want, etc. So your problem with what tv sent you was how you asked the question. Because clearly I am remoted to this machine, can login to whatever profile would be available on the machine and remote desktop is not running - look no 3389 port even listening

attachicon.giftv1.png

attachicon.giftv2.png

attachicon.giftv3.png

So here I now see it on my computers TV interface of machines I can connect too.

attachicon.giftv4.png

Here is the windows login screen where I could pick what account I want to access.

attachicon.giftv5.png

Here is me connected via tv, when clearly remote desktop is not running on this machine!

attachicon.giftv6.png

So how is that remote desktop has to be running for TV to work??

 

Though my knowledge on the networking side is limited but there are its crazy how you assumed some of the things.

 

1) Team Viewer

 

I acknowledge that you are able to run team viewer (as shown in images above) but when I said I am unable to run it, it didn't mean that I had RDC window open/closed only and that's it. This is what I did :

 

-> I installed team viewer, chose option Install to control this computer later from remote. Then I ran team viewer and took a note of id and password. (Teamviewer service and program is running). Then I just closed the RDC window. After that when I tried to connect and it failed. Then I opened the RDC window and then I tried to connect and it succeeded. This is what happened and when I emailed this to the TV support guys I got a reply which I pasted in the post above. After reading that reply what would you think ?

 

2) I am sorry but I need a bit of clarification on this front :

Your still going to be inside a network block of a.b.c.0/mask so there will be a range of ips, be it 254, be it 2k be it 4k, etc. That you will fall into.. So lock it down to this and your done.. This person can only access the remote desktop from that location or if he vpns into that location, or for some crazy reason he lives in the area and has the same ISP.

 

| Does this mean that if my ip is 120.59.180.190 then will only last few sets change or what does the above mean ?

 

-> This is a small business and to be honest we never required a static ip so far.

 

3) how fast the ip changes does not matter to me as I cant keep a track and update it in the ip list frequently. Please re explain me the netblock thing.

 

Thank you.

"Then I ran team viewer and took a note of id and password. "

You ran it - the password changes, and as soon as you logged out, it would stop running. You need to setup unattended access

http://www.teamviewer.com/en/res/pdf/first_steps_unattended_access_en.pdf

3) Who said anything about updating a list? Set it and forget it.

Look and your IP is going to stay with in a range of addresses.. so for example 192.168.1.0/24 says that this network is 192.168.1.1, .2, .3 up to .254 and .255 is the broadcast address while .0 is the actual wire and not used. Depending on that mask 255.255.255.0 etc.. tells you how big the network is what part of the address is hosts, which part is network. So look on your router and see what IP your isp gave you and what mask.. From the mask you can see how big the network is, then in your firewall allow that range.

ISP don't just hand out addresses willy nilly, they only own specific address ranges, they only use specific addresses in an area. So if you think your public address is changing all the time, then watch it you will notice it always falls inside a specific network. And I again doubt it changes as much as you think.. We are talking the public IP of your router, not what your local machines address are via the routers internal dhcp server to your machines. And those as well should stay the same unless your turning off machines for longer than your lease period you have set on your dhcp server you run locally.

example

post-14624-0-69096800-1384345688.png

Now keep in mind on your VPS are you talking the local firewall of the vps, or does your host give you option for other firewall?

Notice the local ips on the rule, if its a vps and public it once you allow access its local subnet is going to be allowed as well.. So for example if your vps had an IP address of

4.5.6.0/23

This would mean that 4.5.6.0 - 4.5.7.255 would be able to access since that is your local subnet. You would need to look at the ipconfig /all of your vps to see what its netmask is and therefore what network your on.

Is that address you gave yours or close via the fist 2 numbers? Or did you just make up numbers? I show that owned by

inetnum: 120.56.0.0 - 120.63.255.255

netname: MTNLISP

descr: MTNL CAT B ISP

country: IN

irt: IRT-MTNL-IN

address: Jeevan Bharati Building

address: Tower 1, 12th Floor, 124, Connaught Circus, New Delhi

Is that your ISP? Worse case call them and ask what range of address you could be assigned. Then set your rules in your vps firewall to only allow those networks.

  On 13/11/2013 at 09:03, ChuckFinley said:

I'm really surprised no one said just tie it down with Windows firewall.

That is what we are trying to get him to do - have you not read the thread? He does not understand the concept of a netblock or range or subnet, and says his IP keeps changing so that he can not do that, etc. etc.

that turned into a side topic, since he somehow got the impression that tv does not run on server versions, or that it only works if remote desktop is being used, etc.

Been like pulling teeth to get him to believe that tv runs just fine without remote desktop, and runs on server versions just fine, etc.

I think TV would prob be a better solution for him in security then opening up remote desktop to the public internet, since he does not seem to understand how to lock it down to a range of IPs, and he is convinced that his works public IP changes like every day or something. Which ok his IPs change, then just lock it down to that network - he does not want his 1 user to be able to access the vps from anything other than his place of work?? Not sure the reason for that to be honest. Seems pointless to me to restrict user you trust to access to only be able to access from one location? I personally don't see a reason for such a thing. I don't think this would be possible with TV, other than locking it down to specific partner ID, and installing it on his work machine - and then locking it down to that ID.

  • 2 weeks later...

Phew,

 

1) TeamViewer confusion seems to have been solved. Basically I had to setup unattended access and I did not do that. I tried to login by noting down the current id and password it gave and that didnt work once rdc window was closed. (Y)

 

2) Give me a few days to keep a track of my public ip and then I will get back to you. This way I will know how fast or how much it changes. True, I am not so good on the networking side but before I posted in this forum I did specify my public ip in the windows firewall specific ip address list. But after a day or 2 the ip changed and I myself got locked out. Thus I contact the the systems admin guys (vps hoster) and they had to fix it.

 

3) Standard users are not allowed to change date/time. Since I have admin account I made a change for that user and now he is allowed to change date/time. So can applications running on his account also change date/time or they are not allowed. ??

 

I really apprecicate your support. :yes:

 

Thank you,

 

Jack

Ok I have to ask - why would they need to change date or time on your vps?? At a complete and utter loss, does your vps not sync its time with ntp source? Why should you ever need to change this???

And why would you be worried about an application that he runs changing the time? What???

But yes if a process is running as user X, and user X has permissions to do Y -- then sure with common sense that process can do Y as well. But without some actual details of what your concerns are they are hard to address. Why would you be worried about his applications changing the system time?

  On 22/11/2013 at 13:30, BudMan said:

Ok I have to ask - why would they need to change date or time on your vps?? At a complete and utter loss, does your vps not sync its time with ntp source? Why should you ever need to change this???

And why would you be worried about an application that he runs changing the time? What???

But yes if a process is running as user X, and user X has permissions to do Y -- then sure with common sense that process can do Y as well. But without some actual details of what your concerns are they are hard to address. Why would you be worried about his applications changing the system time?

 

I run an application which downloads some data from the internet in real time. At times it need to adjust the time (not date) to work properly. That's why I asked that since user has permission then application also gets it automatically. This is the way that application works and has been doing so for years.

I have never seen such an application - and have been in the business 30 years. What is the time source for this application? You see new stuff all the time - what is the name of this application, you have me curious!

You do understand that if time is a factor that a Virtual machine is prob not the best thing to be running an application on that is time sensitive.. You should prob be on actual hardware.

  On 23/11/2013 at 10:36, BudMan said:

I have never seen such an application - and have been in the business 30 years. What is the time source for this application? You see new stuff all the time - what is the name of this application, you have me curious!

You do understand that if time is a factor that a Virtual machine is prob not the best thing to be running an application on that is time sensitive.. You should prob be on actual hardware.

 

This application gets stock data from internet and only sometimes adjusts the clock by a few seconds. Why do you say that running it on Win Server isn't a great idea? It's been running okay for last few weeks since I have been running it.

 

I need some advice to fine tune my server (to speed it up a bit) by probably not running unwanted services. So if I do something from my admin a/c will it affect all accounts or just mine and I had to find another way.

 

Back to our old topic, this is how my IP changes : (date is in dd/mm/yy format)

 

1XX.176.216.187  - 22/11/13 12 pm

1XX.176.128.90    - 22/11/13 5 pm

1XX.176.196.218  - 23/12/13

1XX.176.244.193  - 25/12/13

1XX.176.142.128  - 26/11/13

 

As you see the last two masks are changing. What do you say?

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Vivetool also has a GUI. Literally took me three clicks to enable this from there.
    • Microsoft Weekly: OneDrive horror stories, ramblings about Start menu, and more by Taras Buria This week's news recap is here, delivering you a roundup of the most important Microsoft stories, including a bunch of odd stuff and bugs in Windows, OneDrive horror stories, ramblings about the Start menu, a couple of new Windows 11 preview builds, important news from AMD, and a lot more. Quick links: Windows 10 and 11 Windows Insider Program Updates are available Reviews are in Gaming news Windows 11 and Windows 10 Here, we talk about everything happening around Microsoft's latest operating system in the Stable channel and preview builds: new features, removed features, controversies, bugs, interesting findings, and more. And, of course, you may find a word or two about older versions. Microsoft released a new out-of-band update to fix boot issues on certain Surface devices. The company announced certain Windows 365 updates, such as VBS and HVCI support (by default) and app provisioning in Windows 365 instead of entire cloud PCs. Microsoft is also removing legacy drivers from Windows Update in a new "strategic move." This is the default Windows 365 wallpaper On the negative side, we have the latest Patch Tuesday updates breaking the DHCP Server in all Windows Server editions. Also, there is some bad news for PC users with Windows Hello cameras: after the April 2025 Patch Tuesday updates, Windows Hello does not work in the dark. The change was quietly introduced to address security issues. Windows Goodbye That is not all, though. As it turned out, solid-state drives from WD could still block your computer from installing Windows 11 version 24H2, which was released in October 2024. Also, Microsoft's Family Safety feature is now blocking Chrome, for some reason. Here is an editorial from Usama Jawad (welcome back) about how, four years after the initial release, Windows 11 still does not offer strong enough reasons to upgrade from the outgoing Windows 10. Also, Usama shared his thoughts about the Start menu and why he had stopped caring about its changes altogether. Speaking of the Start menu, check out our overview of what users wanted from Microsoft and what the company delivered in the redesigned Start menu, which was recently announced. Windows Insider Program Here is what Microsoft released for Windows Insiders this week: Builds Canary Channel Build 27881 This week's Canary build introduced context menu improvements, new accessibility features, Settings app tweaks, and more. Dev Channel Nothing in the Dev Channel this week Beta Channel Nothing in the Beta Channel this week Release Preview Channel Build 26100.4482 (KB5060829) This build improves File Explorer and search performance, adds some changes to default browser settings, and fixes multiple bugs. Some hidden stuff in the recent Windows 11 preview builds includes a new adaptive battery saver. This feature dynamically adapts battery saver mode according to your workflow, but in its current form, it is not fully operational. Even though Microsoft acknowledged its existence, the adaptive part still needs improvements. Another useful change in the recent builds is the return of a clock in the notification center. This time, however, Microsoft makes it more customizable, and you can toggle it on or off. Also, the company is moving more Control Panel bits to the Settings app and adding a rather unexpected customization feature that will let you select where system indicators (flyouts and sliders) appear on the screen. Microsoft started rolling out a new update for the Snipping Tool app. The latest release lets you save screen recordings as GIFs. Shortly after that, we posted a guide with a bit more detail about the feature. Updates are available This section covers software, firmware, and other notable updates (released and coming soon) from Microsoft and third parties, delivering new features, security fixes, improvements, patches, and more. Microsoft is working on a Dashboard redesign for PowerToys. Developers published an early look at what is coming to the app in future updates, revealing a better-organized page with quick links, a shortcut overview, and a list of available modules. This week's Office updates are rather mixed. OneDrive, for one, is having problems finding files. Microsoft acknowledged the issue, which affects users on Windows, iOS, Android, and the web. Unfortunately, that is not the only negative story about OneDrive. A new report from a frustrated user revealed a scary tale of Microsoft locking them out of an account full of invaluable content. Outlook also has some issues, this time, with opening emails, and Microsoft 365 will soon disable outdated protocols for file access. Finally, Copilot in Excel received a major update for context awareness, which made the assistant more useful when answering questions about data. This week's browser updates include several releases. Firefox announced a new method for pinning and unpinning tabs. It is now available for testing in the Nightly channel. Microsoft Edge was updated with fixes for two security vulnerabilities (high severity) originating from Chromium. Finally, here is this week's Microsoft 365 Roadmap with an overview of all the new stuff that Microsoft added to the website. Here are other updates and releases you may find interesting: Microsoft 365 security in the spotlight after Washington Post hack. Microsoft expands European sovereign cloud offerings with new data and key controls. Microsoft Defender XDR received TITAN-powered Security Copilot recommendations. Microsoft reportedly plans more layoffs. Watchdog found Microsoft guilty of confusing advertising when it comes to Copilot. Here are the latest drivers and firmware updates released this week: AMD released a new chipset driver for Ryzen processors under version 7.06.02.123, which followed a security update for TPM-Pluton. Nvidia 576.80 WHQL with fixes for the RTX 5090 FE, new game support, and a long list of fixes. You can get some extra performance on certain AMD Ryzen chips with a simple system tweak. Surface Pro 11 and Surface Laptop 7 received big firmware updates with multiple fixes and improvements. Reviews are in Here is the hardware and software we reviewed this week This week, Steven Parker reviewed the TerraMaster D4 SSD, a palm-sized DAS with up to 32TB of storage that you can connect over USB4. This thing is rather impressive, and for a modest price tag, it delivers a tiny footprint, great looks, full RAID support in TOS 6, quick connection, and more. On the gaming side Learn about upcoming game releases, Xbox rumors, new hardware, software updates, freebies, deals, discounts, and more. AMD and Microsoft announced some big news this week. The two companies revealed a new multi-year partnership, which secures AMD as the future maker of chips for Xbox consoles and other hardware. Sarah Bond announced the partnership in a new video on the official Xbox media channels. Turn 10 Studios announced a new Forza Motorsport update. Update 21 brings IndyCar content, Career mode expansion, Featured Tours, new reward cars, and more. It is now available on Xbox and PC via the Microsoft Store and Steam. Minecraft is another Microsoft-owned game that received a big update this week. The long-anticipated graphics overhaul is finally here with directional lighting, volumetric fog, improved shadows, reflections, godrays, and a lot more. In addition, Mojang released Chase the Skies, the latest content drop, which adds happy ghasts, new music disks, a locator bar for players, environmental fog in the overworld, new background music, and all sorts of small gameplay changes. Microsoft announced new games for Game Pass. The latest additions include FBC: Firebreak, Crash Bandicoot 4: It's About Time, Start Trucker, Wildfrost, Rematch, Call of Duty: WWII, Rise of the Tomb Raider, and more. As usual, some games are leaving the subscription. Valve released a big update for the Steam overlay. The latest version introduced major upgrades to CPU and VRAM usage, temperatures, and other important metrics that you might want to track when playing games on your gaming rig. Deals and freebies Also, be sure to check out this week's Weekend PC Game Deals article, which features rhythm bundles, fishing festivals, DRM-free summer sales, and more. Other gaming news includes the following: Take-Two confirmed Borderlands 4 will not cost $80 for the base game. The Coalition expanded the Gears of War: Reloaded beta after its rocky start. Ara: History Untold 1.4 update delivered overhauls to AI, map generation, combat, and more. Star Citizen Alpha 4.2 update lands with radiation hazards, dynamic rain, and more. This link will take you to other issues of the Microsoft Weekly series. You can also support Neowin by registering a free member account or subscribing for extra member benefits, along with an ad-free tier option. Microsoft Weekly image background by steve_a_johnson on Pixabay
    • I'm afraid not, Microsoft does release updated installation images for Windows through MVS every month, but they do not include any update to Defender's components or signatures. That's what the package talked about in the article is for, it includes a PowerShell script for the update.
  • Recent Achievements

  • Popular Contributors

    1. 1
      +primortal
      635
    2. 2
      ATLien_0
      230
    3. 3
      Michael Scrip
      217
    4. 4
      Xenon
      149
    5. 5
      Steven P.
      141
  • Tell a friend

    Love Neowin? Tell a friend!