Windows 10 Gains a Little in October, But So Does Windows 7

With Microsoft conceding that its lofty Windows 10 goals were just guidelines, the company is turning to enterprises in hopes of filling gaps in Windows 10 adoption. Unfortunately, the last couple of months have shown that companies are choosing Windows 7 instead.

Between August and September, Windows 10 installations actually declined. Between September and October, according to NetMarketshare, Windows 10 has gained a bit, but only by a very small tick.



Lookout ConfigMgr Admins, Windows Monthly Updates are Gonna Get Huge

Written for Adaptiva by Cliff Hobbs, Microsoft MVP in Enterprise Mobility and Founder and CEO of FAQShop.com

One of the biggest pain points in maintaining any IT infrastructure is keeping it up to date. A vendor software update may be fixing a bug, addressing a reliability issue, plugging a security vulnerability, or sometimes adding minor features/enhancements between major releases. Prior to Windows 10 we have been able to selectively decide which updates we want to install rather than taking a blanket “install all” approach.

This selective approach though has given us problems. Probably the biggest issue is that you can potentially end up with different machines having different patch combinations installed across your estate. This does not help in large environments where you are trying to keep things as consistent as possible.  Plus, when you start having issues or weird things happening on certain machines and not others, it could be down to the concoction of patches and trying to pick it apart is no small feat.

Starting with Windows 10 Microsoft changed the servicing model. They release a single, cumulative servicing update containing security and reliability updates in a single Monthly Rollup, which you can deploy to all of your Windows 10 machines.  No more trying to decide which updates from a long list you should install.  No more problems with different machines running different patches.  Plus, since the updates are cumulative, it does not matter if you missed a previous update as the latest one contains all of the previous ones.

To help bring organizations running Windows 7/8.1 into this brave new world, back in May Microsoft announced the availability of a new optional convenience rollup package for Windows 7 Service Pack (SP) 1 containing all of the security and non-security fixes suitable for general distribution released since SP1 (so up until April 2016).  In other words, if you install this one you don’t need to install any prior updates.

However, fast forward to this month and as you will see from this TechNet post, things are changing in Redmond.  From this October Microsoft is aligning all currently supported versions of Windows with the Windows 10 servicing model.  In other words, starting in October, if you are using any version of Windows currently in mainstream support (Windows 7 SP1 and Windows 8.1 from the client side, and Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 on the server side), only the following two updates will be available each month[1]:

  • Monthly Rollup – Published every month to ConfigMgr, the Microsoft Update Catalog, WSUS and Windows Update (WU), the Monthly Rollup will be cumulative and will contain updates that address both security and reliability issues. The ultimate goal is by applying the latest update your device will be up to date. WSUS and Windows Update can utilize express packages to keep the monthly download size smaller (for WSUS you will need to configure it to use express packages as detailed here).
  • Security-only updates – As its name suggests, these will be a single update containing just the security updates for the relevant month into one update. These will be published through the same channels as the Monthly Rollups with the exception of Windows Update.

So what does this mean?

Well from this October you will no longer be able to download individual updates as they will no longer be available, which is potentially going to make life challenging if a specific patch causes an issue and you need to remove just the one.  Under the new model you may need to work out which update contains the problem patch and then back track to remove it, unless Microsoft has some clever way of doing this up its sleeve.

Note that at the moment Internet Explorer is excluded from this new model but Microsoft is working to include this at some point in the future.  Office is not affected by this change nor are Microsoft products such as Exchange and SQL.  Driver updates and Windows Defender updates are also not affected.

There is no doubt that from an administrative point of view this new model makes it easier to deploy updates. From a standardization perspective, it also ensures that all of your machines should be running the same updates per Windows version. However, there is, of course, one potential massive negative impact of this model and that is: network bandwidth.

If these updates are cumulative then as each month’s updates are released they will supersede the previous month’s rollup.  The result?  You will need to distribute each month’s update to all of your Windows machines to keep them up-to-date even if it means they need just a single update.

Also bear in mind that over time the size of the updates will increase as more updates are added. Plus Microsoft has stated that over the coming year they will be adding previously released updates in order to achieve the goal of installing just the latest update to cover you for everything prior.

Windows 10 is already up to 1GB for cumulative updates, and at that rate it could be 2GB in another year. That is a lot of data to deliver to each machine every month.

Of course ConfigMgr has various ways of dealing with content distribution, but now might be a good time to take a look at peer caching and other technologies that help with bandwidth management. For example, BranchCache could be a good option in some situations, especially for smaller companies. Adaptiva, a smart-scaling systems management company, has also written a blog post on ways to solve the problem for medium to large businesses using the company’s OneSite content distribution engine. I highly recommend exploring these options before you find yourself dealing with an angry networking team when cumulative Windows 10 updates start in the fall.

No matter what you decide to do (or not do) about it, one thing is for sure: get your network delivery plan ready because a BIG change is coming to your Windows monthly updates.

Tips for App-V 5.0 Sequencer Configuration

When it comes to setting up a good configuration for an App-V 5.0 SP2 (or later) sequencer, the items below are typically what I like to establish.  This list may not be fully complete and could be added to over time.  Optionally, if you have any recommendations, please feel free to leave a comment below!

  1. Add a file named “ccmsetup” (no file extension) in C:\Windows, which helps prevent the ConfigMgr client from being installed
  2. Turn off or disable: Windows Defender, Windows Update checks, Windows Firewall, Action Center notifications, restore points, auto restart on BSOD, highlighting of newly installed programs, and Windows indexing/search (disable the service “Windows Search”)
  3. Turn on or enable: remote desktop, set the display to “best performance”, add the “Run” box on the start menu, set IE to open with a blank page (and not MSN.com), set the system tray to show all icons, task manager to hide when minimized, desktop background to solid white color (makes for cleaner screen snips), and change the IE taskbar shortcut from the x64 app version to instead use the x86 app
  4. Install additional software: KB2775511 (for Win7 SP1), WMF 4.0, KB2533623, Microsoft Office, the latest version of Hyper-V integration services, and the current supported version (in the business) of Internet Explorer*
  5. Install all Windows updates
  6. Ensure there is no random startup software in either the Run/RunOnce registry keys or the Startup folder

* Note that as of January 12, 2016, IE 11 will be the minimum supported browser version for Win7 and newer operating systems.  So if you haven’t started planning yet, it’s a good idea to begin soon.  Feel free to reach out to me if you need some guidance!

Filed under: App-V 5.0
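
A way to check a sequencer against items 1, 2 (the Windows Search service only) and 6 of the list above before taking the snapshot. This is an added example, not part of the original post; the function name `Test-SequencerBaseline` is hypothetical, and it assumes Windows PowerShell 3.0 or later (WMF 4.0 from item 4 provides it).

```powershell
function Test-SequencerBaseline {
    $findings = @()

    # Item 1: a file (not a folder) named ccmsetup, no extension, in C:\Windows
    $marker = Join-Path $env:windir 'ccmsetup'
    if (-not (Test-Path -LiteralPath $marker -PathType Leaf)) {
        $findings += "Missing marker file: $marker"
    }

    # Item 2: the "Windows Search" service (service name WSearch) is disabled
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WSearch'"
    if ($svc -and $svc.StartMode -ne 'Disabled') {
        $findings += "Windows Search start mode is $($svc.StartMode)"
    }

    # Item 6: nothing in the Run/RunOnce keys (machine, 32-bit view, current user)
    $roots = 'HKLM:\SOFTWARE\Microsoft', 'HKLM:\SOFTWARE\WOW6432Node\Microsoft',
             'HKCU:\SOFTWARE\Microsoft'
    foreach ($root in $roots) {
        foreach ($leaf in 'Run', 'RunOnce') {
            $key = "$root\Windows\CurrentVersion\$leaf"
            if (-not (Test-Path -Path $key)) { continue }
            $item = Get-Item -Path $key
            foreach ($name in $item.GetValueNames()) {
                $findings += "$key : $name = $($item.GetValue($name))"
            }
        }
    }

    # Item 6: nothing in the all-users or current-user Startup folder
    foreach ($special in 'CommonStartup', 'Startup') {
        $dir = [Environment]::GetFolderPath($special)
        if (-not $dir) { continue }
        $entries = Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -ne 'desktop.ini' }
        foreach ($entry in $entries) { $findings += "Startup item: $($entry.FullName)" }
    }
    return $findings
}

$result = @(Test-SequencerBaseline)
if ($result.Count) { $result } else { 'Items 1, 2 (Windows Search) and 6 look clean.' }
```

Each line of output is one thing to fix; the HKCU and current-user Startup checks apply to the account running the script, so run it as the account used for sequencing.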

ConfigMgr: Windows 7 32-bit and Software Updates

Posted in CM2012, ConfigMgr, KB’s, SCCM, Windows 7

There is a pretty nasty bug out there right now with 32-bit Windows 7 and Software Updates.  If you are struggling to get your clients to download/install updates, check your WindowsUpdate.log.  If you see the following error:

WARNING: ISusInternal::GetUpdateMetadata2 failed, hr=8007000E

Then I’d strongly encourage you to apply the following KB/Hotfix (KB3050265). 

Here is also a great article explaining what is going on from the ConfigMgr Team Blog.  Read that article here.

After applying this update in my client environment, patches immediately started working again.
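
A triage check for the error described above: it finds the `GetUpdateMetadata2 failed, hr=8007000E` warning in WindowsUpdate.log lines, counts hits per day and reports whether KB3050265 is present. This is an added example, not from the original post; `Find-MetadataFailure` is a hypothetical name, the sample lines are constructed, and it assumes the hotfix is reported by `Get-HotFix` once installed.

```powershell
# Constructed sample lines in the Windows 7 WindowsUpdate.log layout:
# date, time, PID, TID, component, message (tab separated). Not real log data.
$sample = @(
    "2015-06-09`t08:14:02:311`t 912`ta3c`tAgent`t*   START   *  Agent: Finding updates",
    "2015-06-09`t08:14:40:877`t 912`ta3c`tPT`tWARNING: ISusInternal::GetUpdateMetadata2 failed, hr=8007000E",
    "2015-06-10`t09:02:11:054`t 912`tb10`tPT`tWARNING: ISusInternal::GetUpdateMetadata2 failed, hr=8007000E",
    "2015-06-10`t09:02:11:060`t 912`tb10`tAgent`t*   END   *  Agent: Finding updates"
)

function Find-MetadataFailure {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # 8007000E is E_OUTOFMEMORY, the error quoted in the post
        if ($line -notmatch 'GetUpdateMetadata2 failed, hr=8007000E') { continue }
        $f = $line -split "`t"
        # New-Object PSObject keeps this usable on the PowerShell 2.0 that ships with Windows 7
        New-Object PSObject -Property @{
            Date = $f[0]; Time = $f[1]; Component = $f[4]; Message = $f[-1].Trim()
        }
    }
}

$hits = @(Find-MetadataFailure -Lines $sample)
# On a client, read the real log instead of the sample:
# $hits = @(Find-MetadataFailure -Lines (Get-Content "$env:windir\WindowsUpdate.log"))

# Failures per day, then whether the hotfix named in the post is already present
$hits | Group-Object -Property Date | Select-Object -Property Name, Count
$patched = [bool](Get-HotFix -Id 'KB3050265' -ErrorAction SilentlyContinue)
if ($hits.Count -gt 0 -and -not $patched) {
    "Found $($hits.Count) metadata failures and KB3050265 is not installed."
}
```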

SCCM 2012 Easy Naming Convention

Hello,

A while ago I was on a project that needed to quickly adopt a simple and easy naming convention for new builds that the desktop support teams could build in bulk without having to manually enter in a computer name before each build.

Now normally you’d use the OSDCOMPUTERNAME variable (manual) or you’d prestage the devices you want to build in SCCM with a name and a MAC address. But instead I used the serial number of the hardware, as it’s almost guaranteed to be unique on each device. Here is how to easily set this up in your task sequence.

We decided to use an acronym as part of the name, eg: TDT12345  (where “TDT” is The Desktop Team and ”12345″ is the serial number)

Next you need to add 3 steps to your task sequence. They need to be added after the Apply OS section and before the Apply Windows Settings section of the task sequence. The steps are as follows:

  • Use Toolkit Package (MDT Toolkit)
  • Gather (Gather only local data do not process rules); and
  • Set Computer Name

So it looks like this:

[Image: the three added steps in the task sequence]

The “Set Computer Name” step is a “Set Task Sequence Variable” step: click “Add” in the menu above your task sequence, look for the “Set Task Sequence Variable” option and add it. You can then rename it, for example to Set Computer Name.

Make sure you have the following in place, as shown below: the task sequence variable needs to be set to OSDCOMPUTERNAME, and the value can then be set to %SERIALNUMBER%.

[Image: settings of the Set Task Sequence Variable step]

Save the task sequence and away you go! You can change the value as shown above to TDT%SERIALNUMBER% to have TDT%serialnumber% as the computer name.

Boot, deploy, test and be happy :)
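
The static `TDT%SERIALNUMBER%` value above works when the serial is short and alphanumeric. The added example below, which is not part of the original post, goes a step further and builds the same prefix-plus-serial name while stripping characters a computer name cannot hold and enforcing the 15-character NetBIOS limit. `Get-SerialComputerName` is a hypothetical name, the serials are constructed, and the last section assumes a boot image with PowerShell support.

```powershell
function Get-SerialComputerName {
    param(
        [string]$Prefix = 'TDT',   # the acronym used in the post
        [Parameter(Mandatory = $true)][string]$SerialNumber
    )
    $max = 15   # NetBIOS computer name limit
    # Keep letters and digits only; VM serials often contain spaces and dashes
    $clean = ($SerialNumber -replace '[^A-Za-z0-9]', '').ToUpper()
    if (-not $clean) { throw "Serial number '$SerialNumber' has no usable characters" }
    $room = $max - $Prefix.Length
    if ($room -lt 1) { throw "Prefix '$Prefix' leaves no room for the serial" }
    # When the serial is too long keep its tail, which usually varies most
    if ($clean.Length -gt $room) { $clean = $clean.Substring($clean.Length - $room) }
    return "$Prefix$clean"
}

# Constructed serial numbers, not taken from real hardware. The last one is a
# placeholder string some boards report; every such board gets the same name.
$samples = '12345', 'VMware-56 4d 8a 1f 22 9c 01 aa', 'To Be Filled By O.E.M.'
foreach ($s in $samples) {
    '{0,-32} -> {1}' -f $s, (Get-SerialComputerName -SerialNumber $s)
}

# Inside a running task sequence only: hand the result to OSDComputerName
try {
    $tsenv  = New-Object -ComObject Microsoft.SMS.TSEnvironment -ErrorAction Stop
    $serial = (Get-CimInstance -ClassName Win32_BIOS).SerialNumber
    $tsenv.Value('OSDComputerName') = Get-SerialComputerName -SerialNumber $serial
} catch {
    Write-Verbose 'Not running inside a task sequence; nothing set.'
}
```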