The truth is, if windows is in charge of your hardware, your in a bad state....
Over the last twenty years, the only way I have been able to feel pretty comfortable about that "windows" machine is by using time-travel. As in, either re-imaging the host to a time when "Life was Good" ( before the attack) or by writing to each block using dd & then re-installing Windows from scratch.
The above method is still valid today.
So what do we.
1) Host OS is Linux, period....
2) KVM spins up the number of Windows instances required, Windows qcow2 image snapshots, every twelve hours.
3) Storage, snapshots every six hours. (Windows OS or storage array)
Now when disaster strikes, we simply go back & apply any patches required,its very quick & your operational within a few hours.
So why are you posting on LinkedIn Imran....?
Because....I just don't have the time or the effort to try & persuade windows super-doopa admins or other bureaucrats who are ego lobbying. It frustrates the hell out of me!
The solutions are simple & the world needs to hurry up & get with the program that Windows will never be safe from attack due to its super mammoth modularized kernel which has attack vectors all over the freakin place..
May the force be with you......