1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How are you managing windows 10 feature updates?

Discussion in 'Servers and Enterprise Solutions' started by TheOracle, Dec 6, 2018.

  1. TheOracle

    Capodecina

    Joined: Sep 30, 2005

    Posts: 10,939

    Since Windows 10 support only lasts for 18 months (30 if you are on Enterprise or Education) how are you all handling feature updates? I've decided against LTSB due to having a lot of surface devices and requiring the advanced ATP support.

    Does deploying servicing updates, or upgrade task sequences go smoothly?

    I'm thinking of staggering a plain old school reimage across our estate every 30 months.
     
  2. LizardKing

    Sgarrista

    Joined: Oct 18, 2002

    Posts: 7,529

    Location: The Land of Roundabouts

    Enterprise for the win :D
    For our generic desktop users we just re-install these days, i tried a few upgrades but its a pain having new apps thrust upon users who have zero use case for such things. Though ive never had an issue from the process, it just seems to be a guessing game of when the upgrade is authorised (wsus, not sccm) to finally being installed regardless of your gpo settings, could be a day or a week ive found which is useless when you need to inform the user there next reboot may take sometime.
    Reinstalling is also quicker!

    One thing for sure now is thanks to MS and there desire to do such things im well versed with customising/stripping/repacking wim files.

    It seems if your not drinking from the Enterprise/sccm fountain your pretty screwed when it comes to actually being able to manage the process in a professional manor.
     
  3. fonzee

    Soldato

    Joined: Jun 23, 2005

    Posts: 5,285

    Location: Cornwall

    I asked similar a while ago... response wasn't great. Now the majority of enterprises have finally made the move to Win10 I think many are still only just discovering the changes ahead.

    SCCM makes things far easier and has some cool reporting features, particularly around DO. WSUS not so much.

    Depends how big your estate is really.
     
  4. TheOracle

    Capodecina

    Joined: Sep 30, 2005

    Posts: 10,939

    5,000 machines, although last year I considerably reduced those by using zero thin client terminals and next year we are heavily investing in a beast of a VDI platform. That should reduce the full blown windows machines to around 1,500 - 2,000.

    With a team of two......YES TWO supporting 5,000 machines....zero clients and VDI is a must. It's all about working smart with as much automation as possible with the size of our team!!

    We are already on SCCM 1806 which is working really well for updates, but I just wondered about feature updates. My initial thoughts about just reimaging them seems to hold weight. Luckily we also went down the AppV route when we started rolling out Windows 10 which helps massively in not having to think about locally installed software.

    The team presents stats each Friday and we can clearly see how many windows 10 machines we have, and what version they are all on.
     
  5. LizardKing

    Sgarrista

    Joined: Oct 18, 2002

    Posts: 7,529

    Location: The Land of Roundabouts

    5000?! with the 2 of you, they must really hate you! :)

    I'm guessing your geo scope is limited? I've dealt with company's of similar size and there is no way they could use appv for anything more than ~10% of there end users being spread out all over the place.

    I wouldn't touch inplace upgrades if you can help, if you have the automation already setup then re-imaging is by far the better solution imo.

    MS may be ok with using its customers as a test bed but id much rather go through the hassle of testing than to come in oneday to find half the estate has some random bug. (documents redirect to onedrive as an example!..)
     
  6. TheOracle

    Capodecina

    Joined: Sep 30, 2005

    Posts: 10,939

    No, I manage the team but staffing costs are limited. We only have two guys looking after the desktop estate among other things.
    Three main sites, links are good so AppV is a winner. The packages are all cached though.
     
  7. fonzee

    Soldato

    Joined: Jun 23, 2005

    Posts: 5,285

    Location: Cornwall

    Out of interest do you utilise disk encryption on your remote users? and if so is the solution compatible for allowing feature updates whilst in an encrypted state?
     
  8. steinooo

    Mobster

    Joined: Dec 31, 2003

    Posts: 4,442

    We chose to ignore them, now we'll have to revisit our fleet of 11,000 machines spread over 35 countries because no-one listened.
    Mind me asking what apps do you have in that format? does it leave you with literally zero apps to install? Also what do you mean by cached? Cached on the local machine so they don't need to talk to the app v server too much?
     
  9. TheOracle

    Capodecina

    Joined: Sep 30, 2005

    Posts: 10,939

    The SCCM gold image contains Windows 10, Office 2016, All stuff like .Net and C++
    The Task Sequence installs Google Chrome locally and a firewall agent

    Everything else is AppV. You either have the choice to cache or stream. Basically caching pulls the package from the network and keeps it on the local disk. The end user notices no difference between a locally installed app, and one running from AppV.

    Doing this for stuff like Java apps is a godsend as you can run different versions of java on the same machine via what's called connection groups. If anything needs an update or tweak, we do it once and everything filters down across the network.

    There are a few small exceptions. We have a few machines which need some massive applications, or weird old ones which hook into drivers so we just either install those manually, or deploy from SCCM.
     
  10. steinooo

    Mobster

    Joined: Dec 31, 2003

    Posts: 4,442

    you've done exceptionally well to organise all that between 3 of you. I was in a team of 4 focussing on these kind of technologies with the backing of 2 outsourcers at my disposal and we didn't reach a solution as slick as that. No outsourcers we went to seemed to know what they were doing either so it relied upon a high level of technical awareness/competency internally.
     
  11. TheOracle

    Capodecina

    Joined: Sep 30, 2005

    Posts: 10,939

    haha, you must be joking. I did it all myself. The other two were apprentices on 1st line not long ago.
    I'm basically group head of IT, third line engineer and tea boy ;-)

    Not going to mention about all the international sites. They do pay me well though, and I'm left to do what I like so I'm happy.

    The real saviour though is RDS and VDI through dumb linux terminals. Without that we'd really be up poo creek.
     
    Last edited: Jan 9, 2019
  12. TheOracle

    Capodecina

    Joined: Sep 30, 2005

    Posts: 10,939

    Businesses around the world now have less than a year to move off Windows 7.....and they still don't understand the Windows 10 lifecycle model eek!

    How do some of these managers, become managers?