Well. I wanna "soft migrate" users in my org (i am owner) from windows system (I just dont wanna pay for windows utils anymore, feed them with our date, be vulnerable to 95% malware and I plain like FOSS). Idea to make everything working on windows to be limited to 1 mbps while other systems (mac, linux, android etc) not affected.
Only TTL filter came in mind, so maybe you have better ideas?
Hi
Unfortunately, we do not support automatically throttling based on the client device's operating system.
However, if the number of Windows devices is relatively small, you can manually throttle them in the Admin Panel - Clients section.
For more details, please refer to:
Please note that for some models, you must first disable acceleration in Network - Network Acceleration.
If you are really the owner, why do you need to do trashy stuff like limiting performance? Just mandate it and move on with life.
Im confused by your post. If you are the owner of the org why dont you just make the decision to get windows off the network?
Playing childish games like the above (if you can get it working) is just gonna be an annoyance to your IT staff with those gonna have to deal with tickets/calls regarding “slow performance”
Usually in a org environment I would rather look into someone who does security or do it by yourself.
The first rule is to never use computers with the build in owner account and people using it, I know that Windows does that after installation, if they run as non admin they are already protected like 70% of most of the things.
Then you can look into security policies in windows, you can force admin for each application which extract data to %temp% which is basically all downloaded exes, they call it a software restriction policy.
Then you can look into more enterprise solutions like setting up a vm cloud, and pxe boot computers and locking down usb ports and such, and make windows users login to a domain server.
There are lots of ways to do things, just slowing down a network is not really security... it can easily be manipulated too, just restrict it on ip and domains.
And there are also some dpi kind of agents like wazuh so you can see what the activity of someone is.
Second rule: IT in businesses isn't the same as doing IT at home.
Get yourself an IT service by professionals.
I tried and got backlash. 60% employees moved to FOSS voluntary, other don't like this idea. I don't wanns be "toxic" and force it, my main idea is to "present" this measure as "preventing network abuse through unsecure systems".
We are not so big to have whole "stuff". Only 2 IT people.
Six time "ha"! We got issues with malware (wanna cry) in the past, and simmilar issues quite recently (this time that was "harmless" trojan that only act as residential proxy).
Windows drain our finances for licensing and gives us horrible security back.
And patching holes in microslop is not our responsibility. Even with holes patched, it still leak enormous amount of data via telemetry or other intrusive shit.
I just wanna save up to some k$ monthly spent on nothing.
You are the owner. This is your network. Downtime = loss of revenue (which you have already said has happened)
Stop with the games and just make the executive decision.
You can do this in a phase approach (instead of just throwing out all the machines). That is perfectly fine. I would look at moving all the windows systems to their own vlan (Gives you some control over the traffic) and as you migrate them to another OS
But the whole playing games slowing down stuff and bending over backwards to people is just silly
I don't know what to say, but I would hire a special person who is certified to do this.
I take security very seriously, but when I read this, it really shows the lack in wanting to have proper security, there needs somebody in charge for security not for opinions or therefor lack of, this is exactly how hacker groups breach companies.
I rather have a specialist working on it, than having a mass CLA lawsuit for neglectance which is something what is going on now in my country with isp Odido in the Netherlands.