At the time of this writing Windows 10 is now a year and half old, and Microsoft’s vision for the Windows 10 operating system is clear. Unlike previous versions of Windows, once you have Windows 10 future upgrades are free and automatic. Also, unlike previous versions these upgrades are closer to a new version of Windows, than the largest service pack ever was.
These versions of Windows 10 often have a catchy name such as “Anniversary Update” or “Creator’s Update” and they have internal build numbers. Finally, they also have a version number of the year and month of release. At the time of this writing the latest build is 1703 for March 2017.
For businesses of all sizes, these upgrades present a new challenge that earlier versions of Windows didn’t have. The biggest challenge is how to deal with this upgrade, while trying to keep folks productive with their computers. Two other factors come into play, related to the upgrades:
The default behavior of Windows 10, when not joined to an Active Directory domain is to automatically check for updates (patches to the operating system, that have been around with most other versions of Windows) and upgrades (basically a new version of Windows, that runs a setup program) and install these on a schedule chosen by Microsoft. For the “average” home user, this setup is probably okay, but it is certainly not how computers in a business should function.
To address these issues, Microsoft has made some tools available to businesses with Windows Server deployed. The best, and most import tool in our opinion is Active Directory. There are numerous reasons Active Directory is a good choice to implement in organizations with more than a few people. In relation to Windows 10 updates and upgrades AD allows an organization to more finely configure how and when they are installed using Group Policy Objects.
Microsoft Windows Server also includes Windows Server Update Services, which allows and organization to locally store, and deploy specific updates to sets of computers. With WSUS, Windows updates and upgrades can even be delayed indefinitely, however, for security reasons this is not something we would recommend. For WSUS to work, AD must already be setup and working.
As mentioned earlier Microsoft also has Servicing Branches of Windows that dictate how the system is updated. The Branches are as follows:
The Long Term Servicing Branch is the closest to traditional Windows from an update and upgrade standpoint. It is a stable version of Windows that receives standard security updates from Microsoft for ten years. An important point to note is that LTSB is only supported on the Enterprise version of Windows 10, one can’t use the Professional version of Windows. Also, with LTSB Universal Windows Applications are not supported, so this version probably isn’t what most end users would work with on a day to day basis.
The Current Branch is the latest version of Microsoft Windows 10 and is the same as what is deployed to home users from a functionality standpoint. From a business standpoint, this version is one that should be considered because bug fixes are sometimes only included in the “latest” version, and a specific fix may impact business functionality.
We feel that most computers in a business should be running either the CBB or the CB, and LTSB is best fit on single purpose computers, such as cash registers or control systems. Also, note that Windows 10 Enterprise requires some type of Microsoft Volume license, and Software Assurance can add flexibility to the licensing.
Another point to consider is new system builds. When building a system, it may make the most sense to build it with the latest version of Windows 10 that your organization is using, rather than building it, and then upgrading it. To facilitate these system builds, it may work out to have a “gold” image that has minimal changes from the standard release delivered by Microsoft, and then have a post install script that does all software installation and system customization. Another advantage of this approach is that support and drivers for the newest hardware may only be included in a later version of Windows. Historically, in this type of situation, drivers would need to be slip streamed in, and now it is taken care of automatically with the newer version of Windows.
If using a tool such as Microsoft’s Windows Deployment Services which is also included in Microsoft Windows Server, one should take care to update the boot image (small Windows pre-execution environment used to configure storage and start the initial Windows installation) when updating the install image. In our testing, we have found that using newer boot images still allows for support of older operating systems such as Windows 7 or Windows Server 2008 R2.
After Windows 10 has been deployed to an organization, upgrading from one version to a new version should be handled with care. We have found it may be beneficial to do these upgrades outside of the normal update process. First the new version should be thoroughly tested to confirm it will have a minimum impact on the computing environment. Secondly it should be deployed in a controlled, and initially limited manner. It is far better to break a small number of systems, that you are prepared for ahead of time.
Microsoft’s change to releasing a basically new operating system at least once per year is something that businesses large and small are going to have address. Fortunately, there are tools and processes available to make this a manageable change. If you need help Understanding Windows 10 Upgrades for your Business, reach out to us and we will be glad to help you.