How are you managing windows 10 feature updates?

Soldato
Joined
30 Sep 2005
Posts
16,526
Since Windows 10 support only lasts for 18 months (30 if you are on Enterprise or Education) how are you all handling feature updates? I've decided against LTSB due to having a lot of surface devices and requiring the advanced ATP support.

Does deploying servicing updates, or upgrade task sequences go smoothly?

I'm thinking of staggering a plain old school reimage across our estate every 30 months.
 
Soldato
Joined
18 Oct 2002
Posts
8,116
Location
The Land of Roundabouts
Enterprise for the win :D
For our generic desktop users we just re-install these days, i tried a few upgrades but its a pain having new apps thrust upon users who have zero use case for such things. Though ive never had an issue from the process, it just seems to be a guessing game of when the upgrade is authorised (wsus, not sccm) to finally being installed regardless of your gpo settings, could be a day or a week ive found which is useless when you need to inform the user there next reboot may take sometime.
Reinstalling is also quicker!

One thing for sure now is thanks to MS and there desire to do such things im well versed with customising/stripping/repacking wim files.

It seems if your not drinking from the Enterprise/sccm fountain your pretty screwed when it comes to actually being able to manage the process in a professional manor.
 
Soldato
Joined
23 Jun 2005
Posts
5,298
Location
Cornwall
I asked similar a while ago... response wasn't great. Now the majority of enterprises have finally made the move to Win10 I think many are still only just discovering the changes ahead.

SCCM makes things far easier and has some cool reporting features, particularly around DO. WSUS not so much.

Depends how big your estate is really.
 
Soldato
OP
Joined
30 Sep 2005
Posts
16,526
5,000 machines, although last year I considerably reduced those by using zero thin client terminals and next year we are heavily investing in a beast of a VDI platform. That should reduce the full blown windows machines to around 1,500 - 2,000.

With a team of two......YES TWO supporting 5,000 machines....zero clients and VDI is a must. It's all about working smart with as much automation as possible with the size of our team!!

We are already on SCCM 1806 which is working really well for updates, but I just wondered about feature updates. My initial thoughts about just reimaging them seems to hold weight. Luckily we also went down the AppV route when we started rolling out Windows 10 which helps massively in not having to think about locally installed software.

The team presents stats each Friday and we can clearly see how many windows 10 machines we have, and what version they are all on.
 
Soldato
Joined
18 Oct 2002
Posts
8,116
Location
The Land of Roundabouts
5000?! with the 2 of you, they must really hate you! :)

I'm guessing your geo scope is limited? I've dealt with company's of similar size and there is no way they could use appv for anything more than ~10% of there end users being spread out all over the place.

I wouldn't touch inplace upgrades if you can help, if you have the automation already setup then re-imaging is by far the better solution imo.

MS may be ok with using its customers as a test bed but id much rather go through the hassle of testing than to come in oneday to find half the estate has some random bug. (documents redirect to onedrive as an example!..)
 
Soldato
OP
Joined
30 Sep 2005
Posts
16,526
5000?! with the 2 of you, they must really hate you! :)

I'm guessing your geo scope is limited? I've dealt with company's of similar size and there is no way they could use appv for anything more than ~10% of there end users being spread out all over the place.

I wouldn't touch inplace upgrades if you can help, if you have the automation already setup then re-imaging is by far the better solution imo.

MS may be ok with using its customers as a test bed but id much rather go through the hassle of testing than to come in oneday to find half the estate has some random bug. (documents redirect to onedrive as an example!..)

No, I manage the team but staffing costs are limited. We only have two guys looking after the desktop estate among other things.
Three main sites, links are good so AppV is a winner. The packages are all cached though.
 
Soldato
Joined
23 Jun 2005
Posts
5,298
Location
Cornwall
Out of interest do you utilise disk encryption on your remote users? and if so is the solution compatible for allowing feature updates whilst in an encrypted state?
 
Soldato
Joined
31 Dec 2003
Posts
4,647
Location
Stoke on Trent
Since Windows 10 support only lasts for 18 months (30 if you are on Enterprise or Education) how are you all handling feature updates?

We chose to ignore them, now we'll have to revisit our fleet of 11,000 machines spread over 35 countries because no-one listened.
The packages are all cached though.
Mind me asking what apps do you have in that format? does it leave you with literally zero apps to install? Also what do you mean by cached? Cached on the local machine so they don't need to talk to the app v server too much?
 
Soldato
OP
Joined
30 Sep 2005
Posts
16,526
We chose to ignore them, now we'll have to revisit our fleet of 11,000 machines spread over 35 countries because no-one listened.

Mind me asking what apps do you have in that format? does it leave you with literally zero apps to install? Also what do you mean by cached? Cached on the local machine so they don't need to talk to the app v server too much?

The SCCM gold image contains Windows 10, Office 2016, All stuff like .Net and C++
The Task Sequence installs Google Chrome locally and a firewall agent

Everything else is AppV. You either have the choice to cache or stream. Basically caching pulls the package from the network and keeps it on the local disk. The end user notices no difference between a locally installed app, and one running from AppV.

Doing this for stuff like Java apps is a godsend as you can run different versions of java on the same machine via what's called connection groups. If anything needs an update or tweak, we do it once and everything filters down across the network.

There are a few small exceptions. We have a few machines which need some massive applications, or weird old ones which hook into drivers so we just either install those manually, or deploy from SCCM.
 
Soldato
Joined
31 Dec 2003
Posts
4,647
Location
Stoke on Trent
The SCCM gold image contains Windows 10, Office 2016, All stuff like .Net and C++
The Task Sequence installs Google Chrome locally and a firewall agent

Everything else is AppV. You either have the choice to cache or stream. Basically caching pulls the package from the network and keeps it on the local disk. The end user notices no difference between a locally installed app, and one running from AppV.

Doing this for stuff like Java apps is a godsend as you can run different versions of java on the same machine via what's called connection groups. If anything needs an update or tweak, we do it once and everything filters down across the network.

There are a few small exceptions. We have a few machines which need some massive applications, or weird old ones which hook into drivers so we just either install those manually, or deploy from SCCM.
you've done exceptionally well to organise all that between 3 of you. I was in a team of 4 focussing on these kind of technologies with the backing of 2 outsourcers at my disposal and we didn't reach a solution as slick as that. No outsourcers we went to seemed to know what they were doing either so it relied upon a high level of technical awareness/competency internally.
 
Soldato
OP
Joined
30 Sep 2005
Posts
16,526
you've done exceptionally well to organise all that between 3 of you. I was in a team of 4 focussing on these kind of technologies with the backing of 2 outsourcers at my disposal and we didn't reach a solution as slick as that. No outsourcers we went to seemed to know what they were doing either so it relied upon a high level of technical awareness/competency internally.

haha, you must be joking. I did it all myself. The other two were apprentices on 1st line not long ago.
I'm basically group head of IT, third line engineer and tea boy ;)

Not going to mention about all the international sites. They do pay me well though, and I'm left to do what I like so I'm happy.

The real saviour though is RDS and VDI through dumb linux terminals. Without that we'd really be up poo creek.
 
Last edited:
Soldato
OP
Joined
30 Sep 2005
Posts
16,526
Businesses around the world now have less than a year to move off Windows 7.....and they still don't understand the Windows 10 lifecycle model eek!

How do some of these managers, become managers?
 
Back
Top Bottom