With Windows 10 now into its latest edition, the 1607 “Anniversary” update, it now appears, for better or worse, to be here to stay. It has generated a lot of interest; supposedly the “last version of Windows”, many expected it to be akin to Windows 7 – an improvement following a much-maligned previous Windows version. However, the reality has turned out to be somewhat different from what many were expecting.
Microsoft are now “cloud first, mobile first”, and a lot of this new strategy shows through – sometimes somewhat cynically – in Windows 10. For my sins, I’ve been involved in a Windows 10 deployment since August of 2015, so now, just over a year in, it is maybe time to share the things I’ve learned in the hope that it may give some of you a bit of help when it comes to deploying (or not deploying!) this new version of Microsoft’s flagship operating system.
This set of articles is going to expand at the rate of one a day over the next week or so, and cover a wide range of issues for those of you deploying Windows 10 – whether it be fully virtualized via Citrix XenDesktop or the like, or simply a general physical deployment. Hopefully, it will be everything you need to know!
PART 1 – EDITIONS
So you’re thinking about deploying Windows 10. For most people, the “XPocalypse”, the fiasco that was the end of Windows XP support, is the main driver towards them thinking seriously about Windows 10 deployment. They don’t want to experience that rushed debacle again, they’re very aware that Windows 7 support will end in four short years in 2020, so the time is ripe to start testing and preparing for deployment.
The first question, therefore, is quite simply – which edition of Windows 10 is the most suitable for us to deploy in our business?
Windows 10 continues the grand tradition of Microsoft simplicity by arriving in no less than eight different flavours. It comes in:-
- Mobile Enterprise
- IoT Core
- IoT Core Pro
To be honest, I thought Microsoft had finally seen sense and dropped the whole “one OS to rule them all” vision, but apparently not. The thought of Windows 10 – however cut down the IoT versions are – running on, for instance, my fridge, is not something I am keen to entertain. Imagine having to wait twenty minutes to get the bacon out because its Tuesday and the fridge is stuck on “configuring updates – 100%”. What happens if your oven or electricity meter or lightbulb blue-screens on you? It’s a world of inconvenience just waiting to happen.
|Actually this is a Windows tablet embedded in the fridge, but you get the idea|
So, ignoring all four hundred of the Windows Phone users, from the perspective of us enterprise bods, the only “desktop” editions of Windows 10 are the first four – Home, Professional, Education and Enterprise.
Home is not suitable at all for business use, lacking basic functionality we take for granted such as Domain Join, BitLocker, AppLocker, EMIE and Group Policy. Also, you have to connect directly to Windows Update for your patches and upgrades, with no option to defer them. This behaviour is covered more thoroughly in Part 2 – Servicing Branches.
Professional has landed in a lot of SMEs because of Microsoft’s “free” upgrade policy, but there is now a real push from Redmond to dumb-down the Professional version. Certain features that could be disabled in the Professional version prior to the Anniversary update via Group Policy have now been removed. These include, but are not limited to:-
- Turn off Microsoft consumer experiences (or advertisements, to use the proper term)
- Do not show Windows Tips
- Lock screen
- Disable all apps from Windows Store
Obviously, this dumbing-down of Professional is probably a push to move businesses who have benefited from the “free” Windows 10 upgrade onto the paid Enterprise version. Me, cynical?
Education and Enterprise are essentially the same, apart from two things. Firstly, the price (I’m assuming the Education SKU is the cheaper one, and obviously is only available to academic institutions). And then there are two particular features which are only available in Enterprise.
Long Term Servicing Branch is exclusive to Enterprise. More on this in part #2 (Servicing Branches), but LTSB gives you the option to engage an up-to-ten-year servicing window for applications that are not well-maintained, or on devices that are sensitive to change. We will discuss the questions you need to answer on servicing branches thoroughly in the second part of this series.
And there is a Group Policy Object called Computer Config | Admin Templates | Windows Components | Data Collection and Preview Builds | Allow Telemetry that is also exclusive to Enterprise. Setting this policy to 0 (Disabled) turns off certain aspects of Windows 10’s habit of sending data back to the mothership. More on this and other parts of the monitoring in part #4 of this series (Telemetry). But suffice to say, if you want to have access to this GPO, then you need to be on Enterprise.
So here’s a quick handy guide to selecting your Windows 10 Edition…
Pretty much boils it down to an easy enough choice!
Next part of this series, to be published tomorrow if everything goes to plan, will be on the black subject of SERVICING BRANCHES.