Thanks for a fantastic pre-day at Microsoft Ignite 2016. Here are notes and slides from the Learn about Windows 10 Enterprise deployment (#PRE09) sessions, compiled by Ami Casto (@mdtpro), who also helped out answering the questions coming in via Twitter (If you're not on Twitter, get on Twitter).
Windows as a Service
Docs – Overview of Windows as a Service
Windows as a Service slides from #PRE09
There is no difference between Current Branch (CB) and Current Branch for Business (CBB). CBB is the "go" flag that everything is ironed out in CB and is expected to be really stable for business use. Insider preview process – 6 months. Current branch for pilot then broad deployment -16 months
LTSB is not for standard enterprise use but rather for fragile systems that aren't tolerant to change for example an endpoint at a power plant with a very specific job.
You have 30 days to roll back an in-place upgrade except for 1607 going forward – you've got 10 days.
During Current Branch MSFT has all hands on deck monitoring feedback on the build providing quick fixes.
Most orgs deploy security updates only and then select updates for errors as they come up – maybe this is why you think Windows is unstable.
MSFT tests with fully patched endpoints – this is why Windows 10 is all updates rather than getting to pick what you want. MSFT wants to get away from a fragmented patch environment. This is also going to be implemented for older operating systems starting October 2016.
Further simplifying servicing models for Windows 7 and Windows 8.1
Does CBB include all fixes? CB and CBB aren't different things – they are the exact same thing, just declaring the existing version is now ready for broad deployment
Over time, MSFT wants to get away from the PC imaging process- it's costly because it requires every IT pro to touch a PC in a traditional setup (even to plug in the network cable, F12 to PXE, etc.). Dynamic provisioning environment is the goal of the future.
Can you skip a version? Yes – you have about 6 months to get from v1511 to whatever comes after 1607 – so it's high risk, especially for large environments. If you have to, then just pick the PC's that absolutely can't run 1607.
Windows 10 Deployments – Readiness
Supporting Infra to make Win10 deploy work:
- MDT 2013 U2
- ConfigMgr Current Branch 1606
- Windows ADK 10 v1607
- WDS PXE
Configure telemetry in your org and then use that for upgrade analytics
Manage Windows upgrades with Upgrade Analytics
Windows Upgrade Analytics Service
Install the "Get Windows 10" hotfixes to turn on telemetry in Windows 7 and Windows 8.x – these weren't published to WSUS but rather can be manually downloaded then deployed.
Most legacy apps are unaware they are running on Windows 10 – good for compatibility! Current Branch is the best time to test and deal with application compatibility issues, not CBB.
Windows 10 deployment scenarios
Windows 10 Upgrade Limitations
List of Windows 10 features that requires UEFI
Windows 10 Deployments – Reference Images
Do I really need a ref image? Depends – if vanilla windows no apps, then no. The minute you customize, yes. What is the maximum time allowed, or if there is no max time, how much time do you as the deployment tech want to spend?
PowerShell is King – Building a Reference Image Factory
MDT/SCCM Task Sequence Documenter
Windows 10 Deployments – Using ConfigMgr Current Branch v1606
Use the OSDSetupAdditionalUpgradeOptions variable to specify additional command-line switches to the ConfigMgr task sequence that runs In-place upgrade like /InstallLangPacks or /ReflectDrivers. The /ReflectDrivers switch is new in Windows 10 v1607.
In ConfigMgr, if possible, don't use multiple boot images in PXE – the one you deployed the last is the one that gets used. If you HAVE to, then at least separate by collection or use boot media for off devices.
Deploying a new OS is a great time to clean house on legacy GPOs. There are also legacy GPOs that aren't supported in Windows 10 or that create unexpected/undesired results.
Administrative Templates (.admx) for Windows 10 and Server 2016
These are the policies that only apply for Windows 10 Enterprise (and Education)
Fix BitLocker pre-provisioning with Windows 7 when using Windows 10 ADK:
Windows versions prior Windows 10 build 1511 fail to start after "Setup Windows and Configuration Manager" step when Pre-Provision BitLocker is used with Windows PE 10.0.586.0 (1511)
Windows 10 Deployments – Assigning Settings
CustomSettings.ini based on Computer type and location
MDT Simulation environment
Windows 10 Deployment – Computer Refresh and Computer Replace Scenarios
In MDT, there is an action that automatically generates a backup template for known file types, based on what applications that are installed. It's the Generate application Migration File (step in MDT)
Windows 10 Deployment – UE-V
UE-V is the joy of Roaming Profiles without the headache of Roaming Profiles.
Use UE-V Settings Template for PowerShell ISE
Windows 10 Deployment – ADMX Templates and Customizing Start menu / Taskbar
Administrative Templates (ADMX) for #Windows 10 v1607 (and Windows Server 2016)
Tip: Use a custom start menu layout to prevent "empty tiles" after setting consumer experience GPO.
Customize and export Start layout
Configure Windows 10 taskbar
Windows 10 Deployment – Setting up a lab
Hydration Kit for ConfigMgr