Dear Microsoft – a sysadmin's wishlist

I promise I've been a good boy this year

Sysadmin Blog

I yell at Microsoft a lot. It's cathartic. Microsoft make several decent pieces of software and quite a few great cloud services, but for every awesome thing they create it seems they ruin something else. Over the past year I've developed a wishlist of changes. Dear Microsoft...

Azure Stack

I like Azure Stack. A lot. What I don't like is the price tag. The preview version was great. Unfortunately you removed our ability to roll our own. That's sad, but I understand that all your large partners are eager not to be put out of business by your ability to single-handedly render them irrelevant and make cheap Chinese server manufacturers the future of the data centre.

They want enough time to bleed the companies dry before parachuting out figure out a new business model. Fair enough.

What would be groovy, however, is if you found a partner to release a two-node solution for the enthusiast/SMB market. Xeon-D-based nodes are fantastic examples as they can put 128GB of RAM into a single node, allowing the creation of a highly available cluster with enough RAM to actually take Azure Stack for a ride.

I am aware that your first response will be "but... but... the cloud". Stow it. There's a bunch of us who are never going to be OK storing our data with Americans, nor particularly happy about subscription fees. You know this, or you wouldn't have made Azure Stack in the first place.

A pair of Xeon-D nodes can be had for cheap, and even with integration overhead this could probably be built for under $7,500. That's a great starter kit for a business looking to grow, or even a reasonable price for a nerd looking to build out a home lab but keep their skills relevant. Please, let this be a thing.

Containers and desired state configs

Containers are good. Containers are great. Why isn't everything in a container yet? I don't actually care about application isolation or network microsegmentation or any of the other things that most of the Twitterati seem to care about with containers. What I care about is that containers package applications.

For ages, the fact that Windows applications spread themselves out across the operating system, putting files all over the place, has been a problem. Some of this is Microsoft's fault for periodically tweaking where everything is "supposed" to go, but most of it is that developers are just lazy and do whatever they want. The rest is due to Windows being really, really odd about where it wants various files put.

Containers – or container-like technologies – can solve this. It happens in the VDI world all the time. In a VDI world, we can isolate applications from the OS and patch the OS and the applications asynchronously from one another. We can even remove applications without leaving a bunch of detritus in the file system, logs or registry!

The problem is that the software that lets us do this in the VDI world is a hideous morass of multi-tentacled nightmares. We shouldn't need to weld together a dozen applications to a hypervisor just to get an operating system that can install and remove apps as needed. And VDI-like tools for servers are still in their infancy.

Microsoft, you have the technology. Turn it on by default. Every application should be in a container forevermore. Never again should we submit to the tyranny of WinSXS's exponential growth, nor some remnant application interfering with a new one.

While you're at it, baking desired state config directly into the OS would be great. It's all part of the same thing. I want to, as an administrator, be able to inject an OS into a VM – or on to bare metal – have it check for a desired state from a management server, and configure itself appropriately. I then want it to either attach the relevant applications and data automatically (if a server) or when a user logs on (if an endpoint). I also don't want the management side of this to be 20 applications that were designed by a drunken Dr Seuss during a manic phase.

Most of the pieces already exist; they're just not well integrated, or the default. I imagine a world where I could back up a system not by streaming a terabyte of system image, but by having that system back up a few config files and some data containers.

Restoring would be a matter of booting from the relevant OS's .iso, and feeding it the backup config file. It would install, configure, and even pull down relevant app containers. I then tell it where the data containers are and Robert is your mother's brother.


Oh, Windows. Microsoft, why have you let it get so royally screwed up? Safe Mode – a critical diagnostic feature – seems to have become nearly impossible to access unless you've already managed to boot the running OS.

Whatever happened to "mash the F8 key"? This was useful. I don't care about handwaving around "it boots too fast". Let us set a flag that makes it boot slower so we can roll it into our configs. Make F8 great again.

Like oh so many others, I'm quite angry that the only version of Windows that is almost usable is Enterprise. Enterprise only comes in packs of five, and this makes me a giant pink rage monster. Make Enterprise something that can be purchased one at a time, by consumers, without a subscription.

While you're handing out unicorns, for the love of Jibbers, please stop resetting default applications after every major update. We choose not to use Microsoft-provided applications for a reason. Respect that.

Spying and updates

Please stop spying on us. Give us the ability to turn telemetry and tracking all the way off, and the ability to uninstall spyware like Cortana entirely. Also, for the record, building telemetry into applications compiled with Visual Studio is not OK. Nor is installing apps without user permission. Please stop.


While everything else above is a nice-to-have, updates are the biggest sore spot. The truth of the matter is that Microsoft is unable to make reliable updates. It seems that every month for at least the past eight months the weekly patch Tuesday has broken something important. This wasn't such a big deal in the past, because we could simply avoid those updates that caused problems. Cumulative updates prevent this.

So please, Microsoft, end the cumulative updates nightmare. Get an update mechanism capable of restarting services after updates so we don't have to restart every month. Provide clarity on what updates actually do (your current policy is outright asinine) and build a system-wide update mechanism that third parties can jack into that isn't the hideous, partner-hostile bureaucratic mess of the Windows Store.

Maybe, just maybe, if you started digging into the above, Microsoft could start to slowly earn back the trust of customers. Trust is sort of an important thing when you're asking customers to buy into your cloudy services and your continuous development model, and otherwise cede ever more control of their environments.

Trust and a less fragile operating system are both key, Microsoft. Your competition are working on building both. ®