February 23, 2016

Windows 10 telemetry secrets: Where, when, and why Microsoft collects your data

How does Windows 10 telemetry really work? It’s not a state secret. I’ve gone through the documentation and sorted out the where, when, and why. If you’re concerned about private documents accidentally leaving your network, you might want to turn the telemetry setting down.

Telemetry is not a four-letter word.

You wouldn’t know that to listen to the relentless hammering of the technology by Windows 10 critics, who see it as a form of “spying” on the part of Microsoft. Unfortunately, many of those critics have used unreliable data , compounded by a misunderstanding of the basic technology, to form their opinions.

In this article, I want to take a closer look at the way that telemetry works and the data it collects. This article relies primarily on my own testing, using a number of Microsoft-provided tools as well as third-party utilities.

Revealed! The crucial detail that Windows 10 privacy critics are missing

Here we go again. The usual suspects are trying to turn routine diagnostic information into another manufactured privacy controversy over Windows 10. Don’t fall for it. (PS: You won’t believe what Apple’s privacy policy says.)

My research also included discussions with engineers as well as reviews of some thorough but obscure documentation. The most useful resource I found is a detailed technical paper written for IT pros and published in the TechNet Library: Configure telemetry and other settings in your organization . (That article has a convenient short link: aka.ms/ConfigureTelemetry.)

What is Windows 10 telemetry?

Microsoft defines telemetry as “system data that is uploaded by the Connected User Experience and Telemetry component,” also known as the Universal Telemetry Client, or UTC service. (More on that shortly.)

Microsoft uses telemetry data from Windows 10 to identify security and reliability issues, to analyze and fix software problems, to help improve the quality of Windows and related services, and to make design decisions for future releases.

Telemetry features aren’t unique to Microsoft and there’s nothing particularly secret about them. They’re part of a larger trend in the software industry to collect and analyze event data as part of a shift to data-driven decision making. (My definition of “the software industry” includes not just Microsoft and Google but also companies like Tesla Motors, which uses vehicle telemetry to provide ongoing product improvements to its cars.)

You can read about Microsoft’s use of this technology in a paper co-authored by Titus Barik of the University of North Carolina and several individuals at Microsoft Research. “The Bones of the System: A Case Study of Logging and Telemetry at Microsoft” will be presented at the International Conference on Software Engineering in September 2016.

It’s worth noting that the telemetry data I describe here is only a small part of the routine traffic between a Windows 10 PC and various servers controlled by Microsoft. Most network analysis I’ve seen looks at all that traffic and doesn’t isolate the telemetry data transmissions.

How does Windows 10 collect and transmit telemetry data?

Windows 10 includes a piece of software called the Connected User Experience and Telemetry component, also known at the Universal Telemetry Client (UTC). It runs as a Windows service with the display name Diagtrack and the actual service name utcsvc. Microsoft has engineered this component as a part of Windows.

You can see the DiagTrack service in the Services console in Windows 10. As I said, it’s not a secret.

windows-10-diagtrack.jpg

To find the process ID (PID) for the service, look on the Services tab in Windows Task Manager. This piece of information is useful for anyone who wants to monitor activities of the DiagTrack service using other software tools.

I used that PID to watch the activity of the DiagTrack service over the period of several days, using the built-in Resource Monitor tool on a virtual machine running Windows 10 Enterprise with a local account and the telemetry level set to Basic.

windows-10-telemetry-resource-monitor.jpg

That screenshot shows the DiagTrack component doing exactly what the documentation says it does, performing an initial performance measurement and then checking the contents of four log files every 15 minutes or so. Because I wasn’t doing anything with this test system, there weren’t any crashes or app installations to report, so those log files didn’t change during the period I was measuring.

Each data transmission was small. Microsoft says the average size is 1.2K, which is certainly consistent with my experience.

On my AC-powered test system running on a wired network, that’s roughly 32 connections every eight hours. If you run the same experiment on a metered network, Microsoft says no data is transmitted. If this system has been a notebook running on battery power, check-ins would have been once every four hours.

Diagnostic and crash data is uploaded only on AC power and on non-metered networks.

What data is collected from a Windows 10 PC?

The amount and type of data telemetry that the UTC will collect is determined by which of four telemetry levels is selected. Three of them (Basic, Enhanced, and Full) can be configured using the Settings app; the fourth level (Security) is available for PCs only in Windows 10 Enterprise and Education editions and can only be set using administrative tools such as Group Policy or mobile device management software.

Microsoft uses the following diagram to describe these four levels.

win10-telemetry-levels.png

Telemetry data includes information about the device and how it’s configured (including hardware attributes such as CPU, installed memory, and storage), as well as quality-related information such as uptime and sleep details and the number of crashes or hangs. Additional basic information includes a list of installed apps and drivers. For systems where the telemetry is set to a level higher than Basic, the information collected includes events that analyze interaction between the user and the operating system and apps.

I will not try to summarize the four levels here but instead encourage you to read the full descriptions for each level in the documentation.

The default level is Full for Windows 10 Home and Pro and Enhanced for Enterprise edition.

If you are concerned enough about privacy to have read this far, you probably want to set the telemetry level to Basic. Search for Feedback in the Settings app to find the Diagnostic And Usage Data switch shown here.

feedback-settings-basic.jpg

You can also use Group Policy and MDM software to enforce these and other settings on a Windows domain.

Organizations that have a need to keep outside network connections and data transfer to a minimum should consider the Security level, but only if they have the IT chops to set up their own update infrastructure. (At this level of minimal data collection, Windows Update doesn’t work.)

Where is telemetry data stored?

On a Windows 10 PC, telemetry data is stored in encrypted files in the hidden %ProgramData%\Microsoft\Diagnosis folder. The files and folders in this location are not accessible to normal users and have permissions that make it difficult to snoop in them.

diagnosis-folder-hidden.jpg

Even if you could look into the contents of those files, there’s nothing to see, because the data files are encrypted locally.

The UTC client connects to settings-win.data.microsoft.com, provides its device ID and a few other configuration details, and downloads a settings file.

Next, the telemetry client connects to the Microsoft Data Management Service at v10.vortex-win.data.microsoft.com and uploads any data that is waiting to be sent. The transmission takes place over encrypted HTTPS connections.

(That’s a security change Microsoft made in the Windows 7 timeframe. Previous versions sent telemetry data over unencrypted connections, making it possible for attackers to intercept the data.)

10 best privacy tools for staying secure online

A number of free and open-source projects exist solely to protect your identity and online activity. Here are just a few to make you more secure in the new year.

I was able to confirm these values using many hours of network diagnostics. Note that the IP addresses assigned to these individual hosts might vary. This is the very definition of big data.

How does Microsoft use this data?

Microsoft maintains potentially sensitive telemetry data “in a separate data store that’s locked down to a small subset of Microsoft employees in the Windows Devices Group.” In addition, the company says, “Only those who can demonstrate a valid business need can access the telemetry info.”

This data is compiled into business reports for analysis and for use by teams tasked with fixing bugs and improving the performance of the operating system and associated services. Only “aggregated, anonymous telemetry information” is included in reports that are shared with partners.

There’s no hard-and-fast rule that defines how long data is retained. However, Microsoft says its goal is to store data only “for as long as it’s needed to provide a service or for analysis.” A vague follow-up statement says “much of the info about how Windows and apps are functioning is deleted within 30 days.”

Is it possible for Microsoft to collect business or personal information?

Yes, especially at the higher telemetry settings.

The collection process is tailored so that the telemetry component avoids gathering information that could directly identify a person or an organization. However, at the Enhanced setting, when Windows or an app crashes or hangs, the memory contents of the faulting process are included in the diagnostic report generated at the time of the crash or hang, and that crash dump might include sensitive information.

At the Full setting, you grant Microsoft permission to collect extra data when your device “experiences problems that are difficult to identify or repeat using Microsoft’s internal testing.

The formal documentation makes it clear that this sort of investigation can snag personal documents:

This info can include any user content that might have triggered the problem and is gathered from a small sample of devices that have both opted into the Full telemetry level and have exhibited the problem.

However, before more info is gathered, Microsoft’s privacy governance team, including privacy and other subject matter experts, must approve the diagnostics request made by a Microsoft engineer. If the request is approved, Microsoft engineers can use the following capabilities to get the information:

  • Ability to run a limited, pre-approved list of Microsoft certified diagnostic tools, such as msinfo32.exe, powercfg.exe, and dxdiag.exe.
  • Ability to get registry keys.
  • Ability to gather user content, such as documents, if they might have been the trigger for the issue.

If you’re not comfortable with granting that sort of access, make sure you turn this setting down to Enhanced or Basic.

Permalink • Print • Comment

February 16, 2016

Worried that Windows 10 is ‘spying’ on you? Here’s how to take back control

There is no evidence to suggest that Windows 10 is “spying” on you, but if network analysis of the telemetry data isn’t enough to put your mind at ease, here are a couple of tools that may help.

 

I love the X-Files, and I enjoy a conspiracy theory as much as the other guy, but there needs to be evidence, and I’ve seen more far compelling evidence for the existence of Bigfoot, the Roswell crash, or the Lost City of Atlantis than I have for the allegation that Microsoft is using Windows 10 to spy on users.

And believe you me, I’ve spent countless hours searching for a smoking gun, with no success. Like my ZDNet colleague Simon Bisson, all I found was innocuous telemetry data.

This is why I’ve put the word “spying” in quotation marks in the title, and I’m only using this word because this is the word most commonly used by those concerned by this issue.

If you ask me whether I’m worried about using Windows 10, my answer would be “no.” I have dozens of Windows 10 installations here and I’m not in the least bit worried.

But despite such reassurances, there are a lot of people who are concerned by this, and the fact that Microsoft isn’t willing to give concerned users an official way to opt out from data collection (which I think is a bad idea) is adding fuel to the flames. After all, as Bisson pointed out, we live in “justifiably paranoid times,” where governments and social media sites are slurping up user data.

What’s wrong with a little protection?

If you are worried about Windows 10 privacy, I suggest that you take matters into your own hands and install a tool that allows you to shut down all the different ways that your PC is communicating with Microsoft. Be aware though that doing this will result in some features no longer being available, since a number of Windows 10 features rely on having a connection to the cloud.

Be careful though. I’ve come across a number of “Windows 10 privacy tools” from unknown sources that do who knows what. Some tools actively display ads, and one even installs a third-party tool that displays ads in other applications. Talk about taking what is a non-issue and blowing it up into a real problem! No self-respecting privacy tool should install adware onto a system. Period.

I’ve tried a number of Windows 10 privacy tools and boiled them down to two.

The first is Spybot Anti-Beacon. This is a one-click solution (along with an undo button in case things don’t go as you planned) from a known developer that’s been in the privacy business since 2000.

Still worried that Windows 10 is 'spying' on you?

Another tool that I like is O&O Shut Up 10. This one is particularly useful if you have multiple PCs because it doesn’t need to be installed and can be run from a USB flash drive. O&O also offers a good explanation as to why Windows 10 needs to be able to communicate with the cloud.

Still worried that Windows 10 is 'spying' on you?

“As an example, Windows 10 can remind you to set off to the airport 30 minutes earlier due to traffic en route. In order to deliver this information to you, however, Windows 10 has to access your calendar entries, your mails (i.e. the airline confirmation email), your location and it has to have access to the internet to get traffic news.”

I’ve tested both of these tools on a variety of systems and both utilities seem to do what it says it does on the tin, and nothing more.

If nothing else, they put you in charge of what happens to your data. If something stops working (or you break something) as a result of using these tools, well, that probably explains why Microsoft doesn’t want you to have this sort of granular control over communications to and from your PC.

And if you’re still worried, then fire up your PC, install Wireshark, and examine the packets yourself.

Permalink • Print • Comment

July 27, 2013

Skype says it will kill its Desktop API by end of 2013

By

summer-of-mobile3

Summary:It started life as Skype Public API in 2004 and was reborn in 2011, but it is time for Skype Desktop API to sail into the sunset. Yes, Microsoft is killing it and is asking developer to instead embrace Skype URIs.

summer-of-mobile3

Skype, the Microsoft-owned internet telephony service, is planning to kill its Desktop API (application programming interface), according to an email sent to developers by Chris Andrews, Head of Skype Developer Program. Skype wants folks to use Skype URIs as its believes that will allow the developers to access Skype via various platforms — mobile, web and desktop.

Skype is deeply enmeshed into the new Windows. Skype URIs need the Skype client for all communications, as Skype explains on its developer website. The action is to some extent driven by the growth of Skype on mobile, which has actually helped the company grow its usage.

The Desktop API enabled third party applications to communicate with the Skype network and is going to stop working sometime by the end of 2013. “Although we will continue to support the Desktop API for the rest of 2013, in September the App Directory will close,” Andrews wrote. (Full text of his email is below) I have reached out to a few third party app developers and will update the story with their reactions.

The Desktop API is the descendant of the Skype Public API that was first introduced in 2004. In November 2011, Microsoft introduced the Desktop API with much fanfare. Developer chief Andrews at the time told software industry trade publication, the SD Times:

“Skype released its first public API in 2004,” he said. “The biggest request was for a so-called ‘headless version’ of Skype that was all the functionality of the application without the user interface. That was available through SkypeKit in June 2010. Now, we’ve added a video API so developers can embed Skype video into their Mac, Windows and Linux desktop applications.”

Here is Chris Andrews’ complete note.

I am writing to inform you that due to some changes we are making to improve the overall Skype Experience, the Desktop API will cease to function correctly from September 2013 and we have made the decision to de-commission it.

As you may know, Skype has been investing in technology improvements, which will significantly benefit Skype users across all platforms, especially Mobile devices (see “Skype’s Mobile Future”). These changes will significantly improve the speed of delivery of calls and messages, whilst retaining excellent battery life. In addition, as more people are using Skype on more devices, we are also working hard to create a more familiar and consistent Skype experience across all of the major platforms (see “Skype passes 100M Android Installs and Launches Redesigned 4.0″).

As a consequence of this, we have decided to retire our Desktop APIs. These APIs were originally created in 2004 and do not support mobile application development. Going forward, developers will be able to write applications, which use features of Skype across all the major platforms, through the use of Skype URIs. We believe this will allow developers to create innovative mobile, web and desktop solutions, while retaining a familiar and consistent Skype experience across devices.

Although we will continue to support the Desktop API for the rest of 2013, in September the App Directory will close, chat functionality through the API will stop working and we will begin notifying users with messaging in Skype for Desktop. As a result, we wanted to give you notice now so you have the opportunity to modify your application in response to these changes.

I want to personally thank you for your investment in Skype throughout the years. This decision was not made lightly. Going forward, we hope you will consider the use of URIs as a way of developing innovative Skype powered solutions. If you have any questions or comments about the changes, please contact us at skypedev@microsoft.com . We’ll do our best to address them in a timely fashion.

Permalink • Print • Comment

How Microsoft handed the NSA access to encrypted messages

 

• Secret files show scale of Silicon Valley co-operation on Prism
• Outlook.com encryption unlocked even before official launch
• Skype worked to enable Prism collection of video calls
• Company says it is legally compelled to comply

 
 
Skype logo

Skype worked with intelligence agencies last year to allow Prism to collect video and audio conversations. Photograph: Patrick Sinkel/AP

Microsoft has collaborated closely with US intelligence services to allow users’ communications to be intercepted, including helping the National Security Agency to circumvent the company’s own encryption, according to top-secret documents obtained by the Guardian.

The files provided by Edward Snowden illustrate the scale of co-operation between Silicon Valley and the intelligence agencies over the last three years. They also shed new light on the workings of the top-secret Prism program, which was disclosed by the Guardian and the Washington Post last month.

The documents show that:

• Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;

• The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;

• The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;

• Microsoft also worked with the FBI’s Data Intercept Unit to “understand” potential issues with a feature in Outlook.com that allows users to create email aliases;

• In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism;

• Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a “team sport”.

The latest NSA revelations further expose the tensions between Silicon Valley and the Obama administration. All the major tech firms are lobbying the government to allow them to disclose more fully the extent and nature of their co-operation with the NSA to meet their customers’ privacy concerns. Privately, tech executives are at pains to distance themselves from claims of collaboration and teamwork given by the NSA documents, and insist the process is driven by legal compulsion.

In a statement, Microsoft said: “When we upgrade or update products we aren’t absolved from the need to comply with existing or future lawful demands.” The company reiterated its argument that it provides customer data “only in response to government demands and we only ever comply with orders for requests about specific accounts or identifiers”.

In June, the Guardian revealed that the NSA claimed to have “direct access” through the Prism program to the systems of many major internet companies, including Microsoft, Skype, Apple, Google, Facebook and Yahoo.

Blanket orders from the secret surveillance court allow these communications to be collected without an individual warrant if the NSA operative has a 51% belief that the target is not a US citizen and is not on US soil at the time. Targeting US citizens does require an individual warrant, but the NSA is able to collect Americans’ communications without a warrant if the target is a foreign national located overseas.

Since Prism’s existence became public, Microsoft and the other companies listed on the NSA documents as providers have denied all knowledge of the program and insisted that the intelligence agencies do not have back doors into their systems.

Microsoft’s latest marketing campaign, launched in April, emphasizes its commitment to privacy with the slogan: “Your privacy is our priority.”

Similarly, Skype’s privacy policy states: “Skype is committed to respecting your privacy and the confidentiality of your personal data, traffic data and communications content.”

But internal NSA newsletters, marked top secret, suggest the co-operation between the intelligence community and the companies is deep and ongoing.

The latest documents come from the NSA’s Special Source Operations (SSO) division, described by Snowden as the “crown jewel” of the agency. It is responsible for all programs aimed at US communications systems through corporate partnerships such as Prism.

The files show that the NSA became concerned about the interception of encrypted chats on Microsoft’s Outlook.com portal from the moment the company began testing the service in July last year.

Within five months, the documents explain, Microsoft and the FBI had come up with a solution that allowed the NSA to circumvent encryption on Outlook.com chats

A newsletter entry dated 26 December 2012 states: “MS [Microsoft], working with the FBI, developed a surveillance capability to deal” with the issue. “These solutions were successfully tested and went live 12 Dec 2012.”

Two months later, in February this year, Microsoft officially launched the Outlook.com portal.

Another newsletter entry stated that NSA already had pre-encryption access to Outlook email. “For Prism collection against Hotmail, Live, and Outlook.com emails will be unaffected because Prism collects this data prior to encryption.”

Microsoft’s co-operation was not limited to Outlook.com. An entry dated 8 April 2013 describes how the company worked “for many months” with the FBI – which acts as the liaison between the intelligence agencies and Silicon Valley on Prism – to allow Prism access without separate authorization to its cloud storage service SkyDrive.

The document describes how this access “means that analysts will no longer have to make a special request to SSO for this – a process step that many analysts may not have known about”.

The NSA explained that “this new capability will result in a much more complete and timely collection response”. It continued: “This success is the result of the FBI working for many months with Microsoft to get this tasking and collection solution established.”

A separate entry identified another area for collaboration. “The FBI Data Intercept Technology Unit (DITU) team is working with Microsoft to understand an additional feature in Outlook.com which allows users to create email aliases, which may affect our tasking processes.”

The NSA has devoted substantial efforts in the last two years to work with Microsoft to ensure increased access to Skype, which has an estimated 663 million global users.

One document boasts that Prism monitoring of Skype video production has roughly tripled since a new capability was added on 14 July 2012. “The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete ‘picture’,” it says.

Eight months before being bought by Microsoft, Skype joined the Prism program in February 2011.

According to the NSA documents, work had begun on smoothly integrating Skype into Prism in November 2010, but it was not until 4 February 2011 that the company was served with a directive to comply signed by the attorney general.

The NSA was able to start tasking Skype communications the following day, and collection began on 6 February. “Feedback indicated that a collected Skype call was very clear and the metadata looked complete,” the document stated, praising the co-operation between NSA teams and the FBI. “Collaborative teamwork was the key to the successful addition of another provider to the Prism system.”

ACLU technology expert Chris Soghoian said the revelations would surprise many Skype users. “In the past, Skype made affirmative promises to users about their inability to perform wiretaps,” he said. “It’s hard to square Microsoft’s secret collaboration with the NSA with its high-profile efforts to compete on privacy with Google.”

The information the NSA collects from Prism is routinely shared with both the FBI and CIA. A 3 August 2012 newsletter describes how the NSA has recently expanded sharing with the other two agencies.

The NSA, the entry reveals, has even automated the sharing of aspects of Prism, using software that “enables our partners to see which selectors [search terms] the National Security Agency has tasked to Prism”.

The document continues: “The FBI and CIA then can request a copy of Prism collection of any selector…” As a result, the author notes: “these two activities underscore the point that Prism is a team sport!”

In its statement to the Guardian, Microsoft said:

We have clear principles which guide the response across our entire company to government demands for customer information for both law enforcement and national security issues. First, we take our commitments to our customers and to compliance with applicable law very seriously, so we provide customer data only in response to legal processes.

Second, our compliance team examines all demands very closely, and we reject them if we believe they aren’t valid. Third, we only ever comply with orders about specific accounts or identifiers, and we would not respond to the kind of blanket orders discussed in the press over the past few weeks, as the volumes documented in our most recent disclosure clearly illustrate.

Finally when we upgrade or update products legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request. There are aspects of this debate that we wish we were able to discuss more freely. That’s why we’ve argued for additional transparency that would help everyone understand and debate these important issues.

In a joint statement, Shawn Turner, spokesman for the director of National Intelligence, and Judith Emmel, spokeswoman for the NSA, said:

The articles describe court-ordered surveillance – and a US company’s efforts to comply with these legally mandated requirements. The US operates its programs under a strict oversight regime, with careful monitoring by the courts, Congress and the Director of National Intelligence. Not all countries have equivalent oversight requirements to protect civil liberties and privacy.

They added: “In practice, US companies put energy, focus and commitment into consistently protecting the privacy of their customers around the world, while meeting their obligations under the laws of the US and other countries in which they operate.”

• This article was amended on 11 July 2013 to reflect information from Microsoft that it did not make any changes to Skype to allow Prism collection on or around July 2012.

Permalink • Print • Comment

June 2, 2011

10 mistakes to avoid when designing Access objects

June 1, 2011, 6:28 AM PDT

Takeaway: There are lots of false assumptions floating around the world of Access development. Susan Harkins has rounded up some of the worst object design mistakes that developers make — and offers a best practice to counter each one.

When you develop an Access application, normalizing your data and creating relationships is just the beginning. The next step is adding the UI objects that users will interact with and the queries that will populate those objects. There isn’t a set of rules, like normalization rules, to guide you during this stage. It’s easy to make assumptions that will haunt you sooner or later… usually both. The following are 10 assumptions you shouldn’t make when adding queries, forms, and reports to your database application.

1: Object names don’t really matter

Object names indicate the object’s purpose and often provide an easy way to organize objects in a logical manner. Object names can also help a developer work a bit more efficiently. A descriptive name, such as Employees, is adequate for users. But it doesn’t help the developer much. Some developers use a prefix or tag to identify objects by type. This practice can come in handy during programming. For example, you can easily cycle through collections and find all subforms by checking the name property for an appropriate prefix or tag. The details are up to you; I don’t advocate a one-size-fits-all convention. Find one that helps you work efficiently and apply it consistently.

2: Tables are for storing data, period

Tables are an interface used to display data, but there’s more to them than data. Field properties, such as data type and field size, help you maintain data integrity. An input mask provides a pattern for data input, and a default value can reduce input. Indexing the appropriate fields will help performance. Even the field description, which many developers ignore, is helpful. Access displays the description text in the status bar, providing a helpful hint to users. Setting the Required property to Yes eliminates the need to deal with null values (although null values are acceptable values). In addition, forms and reports inherit these attributes and properties. That means you can set them once at the table level instead of repeatedly throughout all your UI objects.

3: You can just replicate your paper forms

Paper forms are for paper — not your Access forms. Trying to replicate paper forms in Access might work, and it might not. You could end up making a lot of extra work for yourself. Let the data and the process dictate form design.

4: You need just one big form

Access will let you build a form that’s 22 inches wide, but how are you going to display it? Too much of a good thing is a nuisance. When designing forms, break processes down into small tasks and use forms to perform them. Don’t try to use one form to do it all. The larger the form, the slower it will perform, and it’s sure to overwhelm the users.

5: Wizards produce reports you can use as-is

Access wizards are pretty slick. Most of them will save you time, prevent errors, and produce an acceptable object. Unfortunately, the results of the report wizards are ugly. These wizards provide a nice start, but if you distribute one of these reports without some serious tweaks, you’ll look incompetent. Just don’t do it.

6: Wizards creates subforms, so go ahead and use them

If you run a form wizard on a multi-table query, the wizard will most likely generate a main/subform arrangement to display related data. The arrangement is sound, but controls load faster than subforms. Often, list controls are a better choice for displaying related data than subforms. Don’t settle.

7: Users don’t need to know what’s going on

One of the most grievous mistakes developers can make is to ignore the user. Impatient users are apt to do things they shouldn’t. When they don’t know what else to do, they press [Esc], [Enter], [F1], and even [Ctrl][Alt][Delete] — oops! Give users some kind of visual feedback. Let them know that a task has been successfully completed (or not). If the latter, tell them what they need to do to continue. When users need to wait for a task to complete, show them a simple meter or status message. Don’t leave them hanging.

8: Basing forms and reports on a table is just fine

Base your forms, subforms, reports, and subreports on queries rather than tables. You can easily restrict queries to return just the fields and records you really need to populate the object. In addition, you can easily adjust the underlying query to adapt to changing requirements.

9: Users should ignore empty reports

Don’t display empty reports. Users will assume something’s wrong. It might not occur to them that there’s just no data to report. Use the report object’s NoData event procedure to display an explanatory message and cancel the report as follows:

Private Sub Report_NoData(Cancel As Integer)     MsgBox "The report has no data.", vbOKOnly + vbInformation     Cancel = True End Sub

10: You’ll remember what you did

Sure you will. Anytime you strategize and choose between possible solutions, consider documenting that decision. You don’t have to write a book; most of what you do is self-explanatory. If you’re writing code, you can add a few comments, but there’s no such vehicle for objects. Consider adding an invisible text control (visible in Design view only) with a short explanation — at least leave the next guy a few breadcrumbs. (That next guy might be you!)

Additional resources

Permalink • Print • Comment
Next Page »
Made with WordPress and a healthy dose of Semiologic • Sky Gold skin by Denis de Bernardy