Vol. 20, #48 - November 30, 2015 - Issue #1058
What the new Windows 10 servicing model means for businesses
- Editor's Corner
- What the new Windows 10 servicing model means for businesses
- Send us your feedback
- Recommended for Learning
- Microsoft Virtual Academy
- Registration is Open for Cloud Admin CON 2015
- Quote of the Week
- Admin Toolbox
- Admin Tools We Think You Shouldn't Be Without
- This Week's Tips
- Windows 10 - Opening TCP/IP properties of a VPN connection
- Windows 10 - Training videos
- ConfigMgr - Import Certificates using SCCM
- Events Calendar
- North America
- Tech Briefing
- Cloud computing
- Enterprise IT
- Windows Server
- Recommended TechGenix Articles
- Recommended articles from websites in TechGenix Network
- Other Articles of Interest
- OpenShift or Cloud Foundry for open source PaaS: Know the difference
- Application containers missing one big feature
- VDIs require specific hyper-converged systems - which one is for you?
- Making the decision to transition to self-service catalogs
- WServerNews FAVE Links
- That's How A Gymnast Goes To Bed
- Magician Dan White - Astounding Magic
- Mog's Christian Calamity
- Little Chinese Girl Puts 5 Animals To Sleep On Stage In 5 Minutes
- WServerNews - Product of the Week
- Deep Packet Inspection for Quality of Experience Monitoring
- SAVE THIS NEWSLETTER so you can refer back to it later for helpful tips, tools and resources!
- SEND YOUR FEEDBACK to [email protected] if you have any comments or suggestions!
This week's newsletter is all about the new Windows 10 servicing options and what they may mean for businesses both large and small. We also have the usual tips, tools and resources for IT pros who need to keep abreast of things and be able to get stuff done.Servicing refers to keeping computers up to date with updates, fixes and the latest features as they come out. The problem with servicing is twofold: first, it requires work; and second, if you don't service computers your users may start to complain as this Dilbert comic illustrates:
Ask Our Readers: WServerNews has almost 100,000 subscribers worldwide. That's a lot of expertise to tap into. Do you need help with some issue or need advice on something IT-related? Got a question you'd like us to toss out to our readers to try and answer? Email us at [email protected]
What the new Windows 10 servicing model means for businesses
Despite all the new bells and whistles, probably the biggest change in Windows 10 as far as IT professionals concerned is no more service packs. With previous versions of Windows, Microsoft would periodically release service packs that included all software updates since the initial release of that Windows version and which occasionally also included new features. Service packs were typically released every year or so. Windows 2000 actually had four service packs released during its product lifetime, while Windows XP Service Pack 2 included some major security improvements to the platform including a much-needed host firewall, a popup blocker and security zones for Internet Explorer, new Automatic Updates settings and mechanisms, and other much-needed features for XP. But on the whole service packs usually only included fixes--new features were delayed until the next major release of the product.
So why were service packs so loved by IT departments? Because they could delay installing a new version of Windows until the first service pack was released for that version. Like any other business these days, Microsoft often pushes its products out the door before they're ready, and rather than be unwitting beta testers, most organizations preferred to sit and wait for early adopters to take the heat. Then when Microsoft had fixed most of the issues with the initial release and had packaged all the fixes together as Service Pack 1, the IT department would download the new Windows image with SP1 baked into it from the Microsoft Volume Licensing website and begin serious piloting of the new Windows version with a view to deploying it.
Well as I'm sure you are aware of by now, service packs are now gone because Windows 10 has a completely different servicing model than that used for previous versions of Windows. Microsoft now offers Windows 10 in four different branches:
Windows Insider Program - Deploying from this branch basically lets you beta test new features before they are considered ready for prime time use.
Current Branch (CB) - This is the flavor of Windows 10 that users of Windows 10 Home Edition users are basically locked into (unless they want to take a chance and participate in the Windows Insider Program). New releases of Windows 10 are expected to be provided two or three times per year for machines on this branch. These releases will include new and updated features and core applications, and Windows 10 Home machines will automatically download and upgrade to each new release as it becomes available.
Current Branch for Business (CBB) - This branch is the default for Windows 10 Professional Education and Enterprise editions and it differs from CB in two main ways. First, each CBB release will appear about four months after the corresponding CB release appears first. This probably means the CBB release will include all the patches that have appeared in the previous four months to address the complaints of Home Edition users who upgraded to the corresponding CB release. And second, administrators can configure Group Policy to defer upgrade of Professional, Education and Enterprise machines for an additional eight months so they can perform testing to ensure the new release won't break existing applications and systems. However, once the eight months are up the machines on the CBB will be automatically upgraded to the new release just like Home edition users on the CB, and there's no way of stopping this from happening with CBB.
Long-Term Servicing Branch (LTSB) - This branch basically follows a servicing model similar to the old service pack approach. The LTSB option is only available for Windows 10 Enterprise Edition, so you'll need a volume licensing agreement with Microsoft if you want to deploy it. And since Enterprise edition can support either the CBB or LTSB branches, there are two separate ISO images on the volume licensing site for you to choose from depending on whether you want to deploy machines from the CBB or LTSB branches. I suspect that new releases (ISOs) for LTSB will appear every couple of years or so, similar to how service packs were delivered except you might need to wipe and reinstall instead of upgrade (it's not clear at this point). One thing to note however is that these LTSB images don't include a number of Windows 10 features such as Cortana, Microsoft Edge, the Windows Store, or the Mail and Calendar apps. The reasoning behind this is probably that these features are constantly being tweaked by Microsoft, so including them would violate the raison d'etre of the LTSB. As a result, Microsoft is positioning LTSB as primarily for special use machines like point-of-sale systems, kiosk computers, and ATM machines, and they're basically pushing organizations to use CBB if they have volume licensing agreements.
You can read more about these different branches on TechNet:
So what does all this mean for businesses who are still running Windows 7 and have been waiting for a new version of Windows they feel comfortable about deploying (or businesses who deployed Windows 8/8.1 and can't wait to get rid of it)? For organizations that deploy anything from a handful of client computers to thousands or ten thousands of them, I think it may mean several things:
- Windows deployment will no longer be something you think about every five years or so. Instead, you'll need pilot and test new Windows releases regularly as they appear every few months, because like it or not your systems will end up running them sooner (CB) or later (CBB).
- Helpdesk support for Windows 10 may be a nightmare. CBB releases may overlap for some organizations if certain departments finish their testing before others have. And employees who have Windows 10 at home and are on the CB may have apps that function differently than how those same apps function at their workplace.
- Training for Windows 10 will obviously be impacted as well. I mean, what's the point of developing courseware or writing a book for a Windows release that will be out of date in 4-6 months? HR departments will like throw up their hands and just say "You'll just have to figure it out on your own" to users who are puzzled by how to accomplish certain tasks on their machines.
- Users who are older and are therefore generally more resistant to change are going to be frustrated with using Windows 10 when they discover settings changing and apps moving around every few months when their machines are automatically upgraded to the latest release. Since I use an iPad for entertainment, I'm gradually becoming immune to such things since Apple does this type of thing regularly with their platform, but it annoys me when Windows which I use for business purposes decides to emulate Apple in this regard because I value productivity, and moving apps around or changing settings (or removing them entirely) impacts my productivity.
- I'm sure many of you readers can think of some additional likely consequences of the new Windows 10 servicing model. Email me at [email protected] if you'd like to share your thoughts either positive or negative in this regard.
Of course I get the reasoning Microsoft has for making these changes to the Windows servicing model--it's about maintaining the code base, not about pleasing the customer. The obvious goal Microsoft has here is to gradually remove outdated Windows features and replace them with new features that are more secure and especially are easier for Microsoft to maintain and refine. An example is the Control Panel which has been a key part of Windows since I don't know when and which has gradually become more and more bloated over the years are more and more CPL utilities keep getting added. Awhile back The Windows Club (TWC) posted a scary news item "Control Panel will be phased out in Windows 10" that set the Twittersphere afire:
Numerous twitters complained that the Settings app in Windows 10 was woefully inadequate as a replacement for Control Panel, but Microsoft later clarified that Control Panel will be *eventually* phased out i.e. once the Settings app has full functional equivalency. It's obvious to me that the real reason Microsoft wants to eliminate Control Panel is simply to get rid of all that legacy code involved and replace it with nice shiny new code that is easier for them to maintain. Ultimately that will be a good thing. The problem however is that we'll all be experiencing several years of pain until Microsoft gets there.
Send us your feedback
Got feedback about anything in this issue of WServerNews? Email us at [email protected]
Recommended for Learning
New book: Windows 10 Step by Step
We're pleased to announce the availability of Windows 10 Step by Step (ISBN 9780735697959), by Joan Lambert and Steve Lambert. This is learning made easy. Get more done quickly with Windows 10. Jump in wherever you need answers—brisk lessons and colorful screenshots show you exactly what to do, step by step.
Find out more about this book and read two sample chapters here:
Microsoft Virtual Academy
Software-Defined Datacenter (SDDC) with Windows Server 2016 Preview
Controlled by policy-driven software, the software-defined datacenter (SDDC) brings the flexibility of virtualization to your existing infrastructure. In this series, Microsoft Technical Evangelist Matt McSpirit sits down with engineers building Windows Server 2016 Preview / Microsoft System Center Technical Preview to help you get started with SDDC. Learn with real-life demo scenarios, explore Nano Server, and learn about improved operational efficiency, security, performance, and more. View the series here:
Getting Started with PowerShell Desired State Configuration (DSC)
Watch this course to get the latest on this fast-moving technology, directly from PowerShell inventor, Microsoft Distinguished Engineer Jeffrey Snover, and PowerShell MVP Jason Helmick! Using DSC as your management platform, you can control the deployment, maintenance, and configuration of your traditional datacenter and apply that knowledge to a hybrid environment.
Quote of the Week
"The key to success is sincerity. Once you can fake that, you've got it made." -- Groucho Marx
Until next week,
Note to subscribers: If for some reason you don't receive your weekly issue of this newsletter, please notify us at [email protected] and we'll try to troubleshoot things from our end.
Restore your SQL databases to a precise point in time with agentless transaction log backup and replay. Get Veeam Explorer for Microsoft SQL Server.
Azure-powershell-extensions is a PowerShell module to simplify interaction with the Microsoft Azure platform, on top of the core Azure PowerShell experience:
UltraVNC Server and Viewer are a powerful, easy to use, free software that can display the screen of one computer (Server) on the screen of another (Viewer):
SQL Nexus is a tool that helps you identify the root cause of SQL Server performance issues:
GOT ADMIN TOOLS or other software/hardware you'd like to recommend? Email us at [email protected]
GOT TIPS you'd like to share with other readers? Email us at [email protected]
Windows 10 - Opening TCP/IP properties of a VPN connection
Back in the Mailbag section of Issue #1053 Understanding AD Mod, a reader named Clive mentioned a frustrating "quirk" he discovered with regard to VPN connections on Windows 10:
Following on from your quirks of Windows 10 I'd like to add a couple for you. Set up a VPN and try to change the IPv4 settings to untick the Use Default Gateway option. Then, try to use the VPN at logon. I've not found how to access it before logon yet.
A reader named Jonathan later emailed us to echo his frustration with this problem:
I am extremely interested in finding out if anyone knows how to do this because it is hampering my efforts in using VPNs because without the ability to do this, every time I make a VPN connection all other network connections are cut off. This is unacceptable.
I suggested he post this to one of the TechNet forums, and he did and quickly received an answer that resolved the problem, and we're reporting what Jonathan said here so other readers can benefit from this:
I put out a query concerning this on TechNet and got a quick reply from a user named Hessam. PowerShell to the rescue!
1. Open PowerShell (Run as administrator)
2. (Optional) Get the properties of your VPN Connections: Get-VpnConnection
3. Set the "SplitTunneling" property (which is the same as "Use remote gateway"): Set-VpnConnection "VPN Name" -SplitTunneling $True
4. (Optional) Check the properties of your VPN Connections: Get-VpnConnection
I used that and it fixed my problem. The VPN now has the remote gateway option disabled and when I tried it out none of my other network connections were disrupted. --Jonathan
EWindows 10 - Training videos
The Microsoft UK Further Education Blog has a helpful tutorial series on various Windows 10 features that some users might find helpful. Here are links to the posts for these videos:
Windows 10 Training Videos - Overview of Windows 10
Windows 10 Training videos - Familiar and better than ever
Windows 10 Training videos - Settings and Customisation
Windows 10 Training Videos - Universal Apps
Windows 10 Training videos - Increased Browser Functionality with Microsoft Edge
Windows 10 Training videos - Sharing Files and Syncing to the Cloud
Windows 10 video tutorials - Increased Productivity with Multi-Doing
ConfigMgr - Import Certificates using SCCM
Here's a tip from Matt Tinney on how you can import certificates using SCCM.
To import a certificate using SCCM, use certutil in either PowerShell or a bat file. Create an application of all your certs and use a script to import them. For the detection method, you will find the certificates at:
Figure 1: Import Certificates using SCCM
Under each store will be a Certificates key containing the certs in a GUID form. This GUID will be same for a certificate on every computer. You can use a registry detection method to detect if your certificate is present. To find which certificate is added, just compare the GUIDs before and after import.
Matt Tinney is CEO and founder of Windows Management Experts (WME) a leader in Microsoft System Center technologies that helps customers reduce IT operations cost through services and solutions:
Convergence on April 4-7, 2016 in New Orleans USA
2016 Microsoft Worldwide Partner Conference on July 10-14, 2016 in Toronto Canada
Ignite on September 26-30, 2016 in Atlanta USA
Convergence 2015 EMEA on Nov 30 - Dec 2, 2015 in Barcelona Spain
Add Your Event
PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 100,000 subscribers about? Contact [email protected]
The Great Confusion of Azure IP Address (Wriju's Blog)
Running Exchange Production Servers in Microsoft Azure (MSExchange.org)
Cloud security controls series: Encrypting Data at Rest (Cyber Trust Blog)
Big Data-As-A-Service (CloudComputingAdmin.com)
Active Directory Insights (Part 6) - Domain controllers and NIC teaming (WindowsNetworking.com)
Forensics: Automating Active Directory Account Lockout Search with PowerShell (an example of deep XML filtering of event logs across multiple servers in parallel) (Goatee PFE)
Site-aware Failover Clusters in Windows Server 2016 (Clustering and High Availability Blog)
Windows Container Video Series (Steve Lasker)
Herding cats in the cloud (Part 2)
Secure services and resources with AWS Identity and Access Management (Part 4)
Updates and Servicing in ConfigMgr TP3
Microsoft Ignites a new Focus on Security (Part 8)
Getting to Know the Enterprise Mobility Suite (Part 3)
OpenShift or Cloud Foundry for open source PaaS: Know the difference
Choosing the right cloud development platform is more important now than ever before—and there are two clear frontrunners for open source PaaS tools: OpenShift and Cloud Foundry. Find out the difference between the two and determine which is right for your business to commit to long term.
Application containers missing one big feature
As application containers continue to grow in popularity, IT admins have noticed they are missing one big feature: container management tools. Discover the pros and cons of these tools and whether or not they are even completely necessary.
VDIs require specific hyper-converged systems—which one is for you?
Finding the right hyper-converged infrastructure system can make all the difference in your virtual desktop environment, but differentiating between such similar products creates its own world of obstacles. Find out which hyper-converged systems are best for your VDI.
Making the decision to transition to self-service catalogs
As legacy systems become more obsolete, the way that businesses perceive and use IT is changing. Developing self-service portals is becoming the next big thing to speed up IT requests and make everyone's life easier. Learn more about service catalogs and whether you should make the decision to transition.
This Week's Links We Like. Tips, Hints And Fun Stuff
GOT FUN VIDEOS or other fun links to suggest you'd like to recommend? Email us at [email protected]
That's How A Gymnast Goes To Bed
How gymnasts go to bed: A girl backflips onto the bed and under the covers in one elegant motion:
Magician Dan White - Astounding Magic
Magician Dan White amazes 'Good Morning America' host and football player Michael Strahan as well as the entire studio audience:
Mog's Christmas Calamity
'Mog' the cat sets off a chain of unfortunate events which almost ruins Christmas for the Thomas family:
Little Chinese Girl Puts 5 Animals To Sleep On Stage In 5 Minutes
A little Chinese girl has an unusual talent: She puts a dog, a lizard, a frog, a chicken and a rabbit to sleep on stage on live television:
WServerNews - Editors
Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.
Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid is also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.