• Home  / 
  • Research  / 

Notes and slides from the Learn about Windows 10 Enterprise deployment pre-day at Microsoft Ignite 2016

Thanks for a fantastic pre-day at Microsoft Ignite 2016. Here are notes and slides from the Learn about Windows 10 Enterprise deployment (#PRE09) sessions, compiled by Ami Casto (@mdtpro), who also helped out answering the questions coming in via Twitter (If you're not on Twitter, get on Twitter).

The #PRE09 team, from left: Johan Arwidmark, Ami Casto, Mikael Nystrom and Michael Niehaus.

Windows as a Service

Docs – Overview of Windows as a Service


Windows as a Service slides from #PRE09



There is no difference between Current Branch (CB) and Current Branch for Business (CBB).  CBB is the "go" flag that everything is ironed out in CB and is expected to be really stable for business use. Insider preview process – 6 months. Current branch for pilot then broad deployment -16 months

LTSB is not for standard enterprise use but rather for fragile systems that aren't tolerant to change for example an endpoint at a power plant with a very specific job.

You have 30 days to roll back an in-place upgrade except for 1607 going forward – you've got 10 days.

During Current Branch MSFT has all hands on deck monitoring feedback on the build providing quick fixes.

Most orgs deploy security updates only and then select updates for errors as they come up – maybe this is why you think Windows is unstable. 

MSFT tests with fully patched endpoints – this is why Windows 10 is all updates rather than getting to pick what you want. MSFT wants to get away from a fragmented patch environment. This is also going to be implemented for older operating systems starting October 2016.

Further simplifying servicing models for Windows 7 and Windows 8.1


Does CBB include all fixes? CB and CBB aren't different things – they are the exact same thing, just declaring the existing version is now ready for broad deployment

Over time, MSFT wants to get away from the PC imaging process- it's costly because it requires every IT pro to touch a PC in a traditional setup (even to plug in the network cable, F12 to PXE, etc.).  Dynamic provisioning environment is the goal of the future.

Can you skip a version? Yes – you have about 6 months to get from v1511 to whatever comes after 1607 – so it's high risk, especially for large environments.  If you have to, then just pick the PC's that absolutely can't run 1607.

Windows 10 Deployments – Readiness

Supporting Infra to make Win10 deploy work:

  • MDT 2013 U2
  • ConfigMgr Current Branch 1606
  • Windows ADK 10 v1607

Configure telemetry in your org and then use that for upgrade analytics

Manage Windows upgrades with Upgrade Analytics


Windows Upgrade Analytics Service


Install the "Get Windows 10" hotfixes to turn on telemetry in Windows 7 and Windows 8.x – these weren't published to WSUS but rather can be manually downloaded then deployed.

Most legacy apps are unaware they are running on Windows 10 – good for compatibility! Current Branch is the best time to test and deal with application compatibility issues, not CBB.

Windows 10 deployment scenarios


Windows 10 Upgrade Limitations


List of Windows 10 features that requires UEFI


Windows 10 Deployments – Reference Images

Do I really need a ref image? Depends – if vanilla windows no apps, then no.  The minute you customize, yes.  What is the maximum time allowed, or if there is no max time, how much time do you as the deployment tech want to spend?

PowerShell is King – Building a Reference Image Factory


MDT/SCCM Task Sequence Documenter

Windows 10 Deployments – Using ConfigMgr Current Branch v1606

Use the OSDSetupAdditionalUpgradeOptions variable to specify additional command-line switches to the ConfigMgr task sequence that runs In-place upgrade like /InstallLangPacks or /ReflectDrivers. The /ReflectDrivers switch is new in Windows 10 v1607.

In ConfigMgr, if possible, don't use multiple boot images in PXE – the one you deployed the last is the one that gets used.  If you HAVE to, then at least separate by collection or use boot media for off devices.

Deploying a new OS is a great time to clean house on legacy GPOs.  There are also legacy GPOs that aren't supported in Windows 10 or that create unexpected/undesired results.

Administrative Templates (.admx) for Windows 10 and Server 2016


These are the policies that only apply for Windows 10 Enterprise (and Education)


Fix BitLocker pre-provisioning with Windows 7 when using Windows 10 ADK:

Windows versions prior Windows 10 build 1511 fail to start after "Setup Windows and Configuration Manager" step when Pre-Provision BitLocker is used with Windows PE 10.0.586.0 (1511)


Windows 10 Deployments – Assigning Settings

CustomSettings.ini based on Computer type and location


MDT Simulation environment


Windows 10 Deployment – Computer Refresh and Computer Replace Scenarios

In MDT, there is an action that automatically generates a backup template for known file types, based on what applications that are installed. It's the Generate application Migration File (step in MDT)

Windows 10 Deployment – UE-V

UE-V is the joy of Roaming Profiles without the headache of Roaming Profiles.

Use UE-V Settings Template for PowerShell ISE


Windows 10 Deployment – ADMX Templates and Customizing Start menu / Taskbar

Administrative Templates (ADMX) for #Windows 10 v1607 (and Windows Server 2016)


Tip: Use a custom start menu layout to prevent "empty tiles" after setting consumer experience GPO.

Customize and export Start layout


Configure Windows 10 taskbar


Windows 10 Deployment – Setting up a lab

Hydration Kit for ConfigMgr


About the author

Johan Arwidmark

0 0 votes
Article Rating
Notify of
Inline Feedbacks
View all comments