Bitdefender Antivirus — the free edition, at least — appears to be interfering with Remote Desktop Protocol (RDP) connections on Windows. Affected users may receive the following error when they try to log on to a remote PC or server with Network Level Authentication (NLA) enabled:

An authentication error has occurred.

The Local Security Authority cannot be contacted.

This could be due to an expired password.

While an expired password or a server-side misconfiguration can cause this error, it may also indicate a client-side issue. In this case, the error appears to be caused by Bitdefender Antivirus replacing the remote computer’s certificate in order to inspect encrypted RDP traffic. This process breaks Network Level Authentication and causes the connection to fail.

One workaround is to add file-level exclusions in Bitdefender for both the 64-bit and 32-bit versions of the Windows RDP client:

• C:\Windows\system32\mstsc.exe
• C:\Windows\syswow64\mstsc.exe

This is not an ideal solution, but the free version of Bitdefender Antivirus has a limited control panel and does not provide alternative workarounds.

References

• Bitdefender Antivirus Free Edition breaking RDP : BitDefender
• Remote Desktop Connection Issue [SOLVED] – Microsoft Community
• Bitdefender Antivirus Free – remote Desktop block — The Bitdefender Expert Community
• AWS ec2 windows login error saying An authentication error has occured. The local security authority cannot be contacted – Stack Overflow

Update 2/12/2020: Microsoft has reversed their decision to automatically install the Microsoft Search in Bing extension. The extension will still be made available but will not be automatically deployed with Office 365 ProPlus. The original post continues below:

Starting next month, Microsoft plans to use Office 365 ProPlus to push a browser extension for Google Chrome that will change users’ default search engines to Bing. Version 2002 of Office 365 ProPlus will forcibly install the Microsoft Search in Bing extension for all Chrome users who do not already use Bing as their default search engine.

Understandably, many system administrators are frustrated with the announcement, as unwanted browser extensions that change end-user settings are usually considered malware and are blocked accordingly. In fact, Microsoft’s own security tools already block dozens of programs that exhibit similar behavior.

On GitHub, users are responding to the change by opening issues in the OfficeDocs-DeployOffice repository. So far, it does not appear that Microsoft has responded to this influx of unsolicited feedback outside of publishing a blog post extolling the virtues of Bing.

Who Is Affected?

At this point, only businesses that have deployed Office 365 ProPlus are affected. Depending on the organization’s Office 365 license, ProPlus is the version of Office delivered to end-users when they install Office from the office.com portal. According to Microsoft, not all Office 365 plans include the ProPlus version of Office:

This extension is included only with Office 365 ProPlus. It isn’t included with Office 365 Business, which is the version of Office that comes with certain business plans, such as the Microsoft 365 Business plan and the Office 365 Business Premium plan.

Firefox Is Next

According to Microsoft, a similar extension for Firefox is also on the way:

Support for the Firefox web browser is planned for a later date. We will keep you informed about support for Firefox through the Microsoft 365 Admin Center and this article.

Removing The Extension

By making the extension an opt-out feature, Microsoft is putting the onus on system administrators to deploy a method for blocking its installation. While there are official ways to prevent the extension from being installed, there is no easy Microsoft-supported method for removing the extension once it has already been deployed. Instead, Microsoft recommends running the following command as an administrator on each affected machine using a script:

C:\Program Files (x86)\Microsoft\DefaultPackPC\MainBootStrap.exe uninstallAll

It should also be possible to blacklist the extension with the 3rd party Group Policy templates for Chrome and Firefox provided by Google and Mozilla.

Unfortunately, Group Policy and other enterprise management tools do not always apply to BYOD devices, leaving users who install Office on their personal machines with little recourse except to notice and remove the extension on their own if they find it undesirable.

Sources

• Microsoft Search in Bing and Office 365 ProPlus | Microsoft Docs
• Microsoft to force Chrome default search to Bing using Office 365 installer – The Verge
• Microsoft to forcibly install Bing search extension in Chrome for Office 365 ProPlus users | ZDNet

It’s time: extended support for Windows 7 ends today. Originally released on October 22, 2009 and superseded by Windows 10 almost five years ago, Windows 7 carved out a huge market share for itself in enterprise and home environments alike. In fact, it took Windows 10 until the end of 2018 to finally break Windows 7’s dominant hold on the desktop OS market.

However, it’s time to move on. Windows 10 is a better, faster, and more secure OS that is — and has been for a while — the natural choice for modern environments and modern hardware. Even so, upgrading software and replacing legacy devices in huge organizations is difficult, and Windows 7 is sure to stick around as long as Microsoft offers the paid Extended Security Updates program to companies still trying to migrate. Just like with Windows XP, Windows 7’s story doesn’t end here.

In a blog post last week, Microsoft announced an interesting new feature for Windows 7 business users. With Windows 7 reaching end-of-life on January 14, 2020, many companies have already migrated to Windows 10, but it’s likely that not everyone is going to meet the 2020 deadline. With this in mind, Microsoft is going to provide a new paid service called “Windows 7 Extended Security Updates” to help ease the last few business customers onto Windows 10.

Only For Businesses, Not Home Users

Windows 7 Extended Security Updates (ESU) will be available exclusively for Volume Licensing customers, which means only the Professional and Enterprise flavors of Windows 7 will be supported. However, that didn’t stop Gordon Kelly from Forbes from writing a confusing article about the new feature. Instead, in his post titled “Microsoft ‘Confirms’ Windows 7 New Monthly Charge”, Kelly insinuates that Microsoft is about to start charging individual Windows 7 users a monthly fee as a penalty for not upgrading to Windows 10.

That isn’t the case at all. In fact, home users will not be able to pay for Extended Security Updates even if they want to since the feature is only available for Volume Licensing customers. In reality, this feature is specifically targeted at enterprises with specialized requirements that need assistance or just a bit more time to migrate their critical systems off of Windows 7. Extended Security Updates does not impose any additional penalties over the already well-established end-of-life date for the aging OS.

A Smoother Transition

The enterprise world works very differently than the usual home/small office Windows environment. There are a lot of factors that hold back major OS upgrades, and, as we saw with Windows XP, these delays can cause major businesses to run past the end-of-life date of software and become vulnerable to newly discovered security flaws. When Windows XP left extended support, Microsoft was forced to continue supporting select customers (for a fee) who were unable or unwilling to migrate to Windows 7 in time.

At any rate, Microsoft will only provide the Windows 7 Extended Security Updates option until January 2023, so Windows 7 is certainly not going to be around forever.

Oh, and Microsoft is not planning to force Windows 10 home users to pay a monthly fee either, no matter what clickbait nonsense Kelly writes.

Rufus, the lightweight and portable program for creating bootable USB drives on Windows, has reached version 3.0. Rufus, primarily developed by Pete Batard of Akeo Consulting, remains one of the easiest and most powerful ways to create bootable USB drives on Windows. Its simple user interface is easy to navigate, and Rufus is able to create bootable USB drives from a wide variety of Windows and Linux ISO files. It supports MBR and GPT partitioning and can even be used to create bootable DOS disks.

Released on May 29th, the version 3.0 of Rufus brings a new user interface and many other changes (pulled directly from the changelog):

• UI redesign to follow the flow of user operations (with thanks to Fahad Al-Riyami for the concept)
• Drop Windows XP and Windows Vista platform support
• Switch all downloads to SSL and use https://rufus.ie as the new base URL
• Add ARM64 support for UEFI:NTFS
• Fix delays when querying floppy drives during device enumeration
• Improve support of efi.img files on Linux ISOs
• Improve support for non-ISO9660 compliant openSUSE Leap ISOs
• Improve translation support and remove manual positioning
• Internal fixes and improvements

You can grab a copy of Rufus at its new website, https://rufus.ie/. Rufus can be run directly from the downloaded .exe file — no installation is necessary.

If you want to enable or disable the inverted colors feature in Windows 8 or 8.1, here’s what you’ll need to do:

First, press WinKey+F to open the search tool and then type in “Magnifier”. Then, select “Magnifier” in the search list (not “install magnifier” or something).

Once Magnifier opens, the screen may, as you might expect, magnify. Ignore this (or hit the minus button until the screen goes back to 100%) and locate the gear icon in the Magnifier window.

Check or uncheck “Turn on color inversion” and click “OK”.

If everything worked, your screen will now be inverted (or back to normal).