,

Windows 10 – Servicing Model and Deployment

Windows 10 Servicing Model

With Windows 10, a new model was introduced called “Windows as a service – WAAS”. Rather than new features being added only in new OS/every few years, WAAS will continually provide new capabilities. The Semi-Annual Channel is a twice-per-year feature update release targeting around March and September, with 18-month servicing timelines for each release

Starting October 2016, Windows also changed it update model to have a single Monthly Rollup that takes care of security and reliability issues. The update will be published to SCCM/WSUS automatically. Each month’s rollup will supersede the previous months, so there is only ever the most recent update to install to be up to date.

Deploying Windows 10

Deploying Windows 10 is easier than with previous versions of Windows because now it supports a simple in-place upgrade process from 7 -> 10 and 8 -> 10. This automatically preserves all apps, settings, and data. Then, once you’re running Windows 10, 10 -> 10 deployments of Windows 10 feature updates, such as Windows 10 1703 -> Windows 10 1706 is the new way to go

Additionally, Windows 10 is compatible with most hardware and software capable of running on Windows 7 and Windows 8. Software compatibility is so high because Win32 application programming interfaces were not changed very much between versions. As a result of this, the app compatibility testing process is simplified. Finally, most hardware drivers that functioned in 7 or 8 will continue to function in Windows 10.

Feature Updates (“A New OS”)

Released twice a year, one in March and one in September. Since feature updates contain an entire copy of the OS, they are also used to install Windows 10 on existing devices running Windows 7 or Windows 8.1, and on new devices where no operating system is installed. Examples include 1703, 1709, aka March 2017, Sept 2017

Version

Marketing name

Release date

Ent Support Ends
(+18 Months)

LTSC Support Ends
(10 Years)

1507

Threshold 1

July 29, 2015

May 9, 2017

October 14, 2025

1511

November Update

November 10, 2015

April 10, 2018

N/A

1607

Anniversary Update

August 2, 2016

October 9, 2018

October 13, 2026

1703

Creators Update

April 5, 2017

April 9, 2019

N/A

1709

Fall Creators Update

October 17, 2017

October 8, 2019

N/A

1803

Redstone 4

Early 2018

TBA

N/A

1809

Redstone 5

Late 2018

TBA

TBA

Monthly Quality Rollup Update (Monthly Update)

In addition to larger feature updates, Microsoft will publish regular monthly quality updates on Patch Tuesday. These smaller updates are similar to the monthly security updates and patches that you have been used to before Windows 10, but there are some significant differences. For one, the new quality updates are specific to the Windows 10 versions you are currently running. Secondly, expect Microsoft to publish as many of these as needed for any feature updates that are still in support.

No longer will you see individual KB updates, but rather the Monthly Rollups as such:

Monthly Quality Rollup Update

Description

Security Only Quality Update

Collects all of the security patches for JUST that month into a single update

Security Monthly Quality Rollup

Same as above + non-security (reliability) updates, and cumulative for past 6-8 months, so will keep getting bigger

.Net Framework Security-Only Update

Contains only security updates for JUST that month

.Net Framework Rollup

Same as above + non-security (reliability) updates, and cumulative for past 6-8 months, so will keep getting bigger

Servicing Channel (previously called Branches)

Servicing Channels are determined by the frequency with which the computer is configured to receive feature updates. In other words, it defines when a “Feature Update / A New OS” is available to you after it is released by Microsoft.

Servicing Channel

Old Name Prior to July 2017

Availability of new features

Overview

Windows Insider community

Before Release

In the past, when Microsoft developed new versions of Windows, it typically released technical previews near the end of the process, when Windows was nearly ready to ship. With Windows 10, new features will be delivered to the as soon as possible — during the development cycle, through a process called flighting.

Semi-Annual Channel (Targeted)

Current Branch (CB)

Immediately after first published by Microsoft (March / Sept)

What all home users get and what most small business corporate Pro users will get.

Semi-Annual Channel

Current Branch for Business (CBB)

Approximately 4 months after Targeted (July/January)

Just like Targeted, but delayed by 4 months.

Long-Term Servicing Channel (LTSC)

Long-Term Servicing Branch (LTSB)

Every 10 Years

Identical to old versions of Windows where users receive Security Updates and bug fixes every month but no new features and enhancements will be installed. Minimum length of servicing lifetime of LTSB is 10 years.

Deploying Windows 10 via SCCM

With all the latest versions of the Configuration Manager console (see my other article New Features in SCCM) the Windows 10 Servicing Dashboard is now available to you to begin deploying Windows 10 feature updates. This will be used to deploy Windows 10 in SCCM.

Deployment Rings

First, let’s take a closer look at the area on the Windows 10 servicing dashboard defined as a Deployment Ring. A ring is a groups of PCs that are all on the same branch and have the same update settings. Rings can be used internally by your company to better control the upgrade rollout process.

Deploying prior versions of Windows required you to build groups of users/computers to deploy the new OS out to in phases. These typically ranged from the most adaptable and least risky (like your IT staff) to the least adaptable or riskiest (like executives). Now with Windows 10 deployment Rings, a similar tactic exists, but the ideas is a little different.

Deployment Rings, in the simplest sense, are a way for you to separate machines into your deployment timeline. The idea is to have each deployment ring reduce the risk of issues derived from the deployment of the feature updates by gradually deploying the update to entire departments, just like you had before.

Creating your Deployment Rings should only really need to occur once, but revisit from time to time to assure everything is still how you want it.

Here is an example of a set of deployment rings you could create in your environment

Deployment Ring

Servicing Channel

Feature Updates Deferral

Quality Updates Deferral

Example

Pre-Pilot

Windows Insider Program

None

None

A few computers, perhaps owned by your IT staff, to evaluate the new version on.

Pilot

Semi-annual channel (Targeted)

None

None

Select computers across various departments. This could also be the same as your Pilot Windows Update Group

Production

Semi-annual channel

120 days

7-14 days

Deployed to the Majority of your Company

Executive

Semi-annual channel

180 days

30 days

Critical Users and Computers that need the most testing done prior to their use of the new feature update or Quality Update.

You could additionally have a ring for the LTSC Serving Channel for things such as ATMs if you were a bank.

Create SCCM Collections Based Off Your Deployment Rings

You must start the Windows 10 servicing process by creating collections of computers that represent the deployment rings we defined above. In this example, you create four collections:

  • Windows 10 – Pre-Pilot
  • Windows 10 – Pilot
  • Windows 10 – Production
  • Windows 10 – Executive

Limit these collections to only hold Windows 10 computers. If you don’t already have a Windows 10 collection to limit from, simply create one with a query such as: 


select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client
from SMS_R_System
where SMS_R_System.OperatingSystemNameandVersion = "Microsoft Windows NT Workstation 10.0"

Finally, after you have created your four collections, add the computers inside of those collections that you would want represented in each deployment phase.

Use Windows 10 Servicing Plans to Deploy Feature Updates

There are two ways to deploy Windows 10 feature updates with SCCM.

  1. Use Windows 10 Servicing Plans, which are similar to Automatic Deployment Rules for software updates.
  2. Use a Task Sequence, which is the old way.

For this article, we are going to focus on Windows 10 Servicing Plans as Task Sequence deployments can be covered in other areas. For example, let’s create the serving plan for the collection, Windows 10 – Production. Creating the serving plans for the other collections will be a similar process.

  1. In SCCM console, go to Software Library -> Overview -> Windows 10 Servicing, and then click Servicing Plans.
  2. On the Ribbon, click Create Servicing Plan.
  3. Name the plan Windows 10 – Production (Servicing Plan), and then click Next.
  4. Next, select/browse to the Windows 10 – Production collection, and click Next.
  5. On the Deployment Ring section, choose the Business Ready (Semi-annual channel) readiness state, set the delay to 120 days, and then click Next.
  6. On the Deployment Schedule page, click Next to modify the values if you wish, but the defaults of making the content available immediately and requiring installation by the 7-day deadline are fine for this example.
  7. On the User Experience section, choose Software Installation and System restart (if necessary). Select Workstations, and then click Next.
  8. On the Deployment Package section, select create a new deployment package. In Name, type Windows 10 – Upgrades, select a UNC path for your package source location, and then click Next.
  9. On the Distribution Points section, add the Distribution Points you want this deployment package to be available from (preferably the same ones these computer’s Boundary Groups would be associated to)

Excellent. You now just created a servicing plan, for the Windows 10 – Production collection, which is based off the Windows 10 –Production Deployment Ring. As you can see as we created the serving plan, your Production users will get the Windows 10 Feature Update automatically deployed to their computer’s 120 days after it is released by Microsoft. That’s pretty simply, right?

Finally, you could elect to create your Windows Update ADRs to deploy Monthly Quality Rollups to this same collection 7-14 days after they are released on patch Tuesday, completing the criteria we reviewed in the Deployment Rings table earlier. Servicing plans use only the “Upgrades” software updates classification, not cumulative updates for Windows 10. For those updates, you will still need to deploy by using the software updates workflow.

Converting from BIOS to UEFI without Wiping Harddisk (MBR2GPT.EXE)

UEFI Convergence has been a big issue, and required a “wipe and load” until Windows 10 1703 released MBR2GPT.EXE. This tool is used to Shift from MBR to GPT so you can go from BIOS to UEFI without having to reformat. Usually, MBR + BIOS, and GPT + UEFI go hand in hand. This is compulsory for some systems (eg Windows), while optional for others (eg Linux).

Windows 7 (BIOS) -> Windows 10 (UEFI)

Mentioned in the 1703 feature updates below, MBR2GPT.EXE converts a disk from the Master Boot Record (MBR) to the GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from Windows PE or from the full Windows 10 OS by using the /allowFullOS option.

MBR2GPT.EXE is located in the Windows\System32 directory on a computer running Windows 10 version 1703 (Creators Update).

“Use this tool for in place upgrade.”

Example Use of MBR2GPT


X:\>mbr2gpt /convert /disk:0
MBR2GPT will now attempt to convert disk 0.If conversion is successful the disk can only be booted in GPT mode.

These changes cannot be undone!

*After the disk has been converted to GPT partition style, the firmware must be reconfigured to boot in UEFI mode.

MBR vs GPT

Compared with MBR disk, A GPT disk can support larger than 2 TB volumes where MBR cannot. A GPT disk can be basic or dynamic, just like an MBR disk can be basic or dynamic. GPT disks also support up to 128 partitions rather than the 4 primary partitions limited to MBR. Also, GPT keeps a backup of the partition table at the end of the disk. Furthermore, GPT disk provides greater reliability due to replication and cyclical redundancy check (CRC) protection of the partition table. GPT disk partitioning style supports volumes up to 18 exabytes in size and up to 128 partitions per disk

BIOS vs. UEFI

UEFI enables better use of bigger hard drives. Though UEFI supports the traditional master boot record (MBR) method of hard drive partitioning, it doesn’t stop there. It’s also capable of working with the GUID Partition Table (GPT), which is free of the limitations the MBR places on the number and size of partitions. GPT ups the maximum partition size from 2.19TB to 9.4 zettabytes.

UEFI may be faster than the BIOS. Various tweaks and optimizations in the UEFI may help your system boot more quickly it could before. For example: With UEFI you may not have to endure messages asking you to set up hardware functions (such as a RAID controller) unless your immediate input is required; and UEFI can choose to initialize only certain components. The degree to which a boot is sped up will depend on your system configuration and hardware, so you may see a significant or a minor speed increase.

Windows 10 Feature Updates – What’s New

This section is meant to provide a broad overview of the changes in the latest Windows 10 Feature Updates.

Windows 10 1709

Below is a list of some of the new changes in Windows 10 1709, also known as the Fall Creators Update. 1709 also contains the features from version 1703.

Deployment

  • Windows AutoPilot – a zero touch deployment for Windows 10 devise, is now configurable with Configuration Policies.
  • Windows 10 Subscription Activation – lets you deploy Win 10 Enterprise without the need for keys or reboots.
  • Windows Automatic Redeployment – similar to Steady State (oh I how I loved and miss Windows Steady State) or DeepFreeze, which allows you to wipe the OS back to a known state you set.

Mobile Device Management (MDM)

  • MDM in Intune has been expanded to include domain joined devices with Azure Active Directory. Group Policy can be used with AD joined devices to trigger auto-enrollment to MDM.

Application Management

  • Windows Mixed Reality Introduction – VR headsets such as Samsung HMD Odyssey now integrate into Windows 10

Windows 10 1703

Below is a list of some of the new changes in Windows 10 1709, also known as Creators Update.

Configuration

  • Windows Configuration Designer – Let’s you provision devices such as needed for bulk enrollment in InTune
  • Windows Spotlight – New MDM / Group policy settings made available to turn it off

Deployment

  • MBR2GPT.EXE – Used to Shift from MBR to GPT so you can go from BIOS to UEFI without having to reformat. Usually, MBR + BIOS, and GPT + UEFI go hand in hand. This is compulsory for some systems (eg Windows), while optional for others (eg Linux). Windows 7 (BIOS) -> Windows 10 (UEFI). Because this is such an important feature, I cover it more above.
/0 Comments/by
0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

Link to: Get in touch

Let’s collaborate!

Contact Me

DAVID MAIOLO

 The content on this website, including text, photographs, and any other media, is the property of David Maiolo unless otherwise noted. No part of this website may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the owner.

DISCLAIMER

The information provided on this website is for general informational purposes only. While I strive to keep the information up-to-date and correct, I make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk. In no event will I be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website. *This website may include links to other websites which are not under the control of David Maiolo. I have no control over the nature, content, and availability of those sites.

© 2024 David Maiolo

SCCM TroubleshootingGroup Policy Overview