Servicing Windows 10 with ConfigMgr Or, you could be super LAME and call it SCCM Just don’t expect Ami to be happy about it
Matthew Teegarden Ami Casto @TheEmptyGarden @AdaptivaAmi Oldest Speaker at MMS World’s Greatest Mom Goes to a lot of concerts in Chicago What is this category even for? Probably likes food and beer I love to eat food…all of it
What is Windows as a Service? Building Deploying Servicing Building: Microsoft is building Windows differently –they (MSFT) are always working on new features, and making those available to anyone interested so they can follow along with the development process and provide feedback, well before MSFT ships these features via the Insider Preview program. Deploying MSFT moved to a new simple update process that automatically preserves all apps, data, and settings, making it easier than ever to deploy new releases. At the same time, ensuring that application compatibility is great, and providing choices in tools, methods, and deployment timelines. Servicing Simplified process, to ensure consistency, stability and reliability. Delivered using cumulative updates which eliminate platform fragmentation for all Windows-based devices.
Timeline Insider Preview – These are builds that are not production ready. They give systems administrators a chance to preview and test in their environment, and provide feedback to Microsoft. You should have a very small subset of your computers in the preview ring, and if you can get a small group of users outside of IT to join the fun on a secondary PC, it would be helpful. Service Branches – These allow organizations to choose when to deploy the newest features of the newest build. The newest build will be called CB or Current Branch. You will deploy this build to your testing group consisting of members from your IT Department and a few candidates from other business units who can be relied upon to provide timely, constructive feedback. Next is CBB or Current Branch for Business. A CB build will turn into CBB after four months. For example: Windows 1703 is the CB as of March 2017. Around July of 2017 Windows 1703 will be CBB. Basically CB + 4 = CBB. Then there is LTSB – Long Term Service Branch. This is used to provide support for critical machines that can't upgrade to CB or CBB anytime soon. The entire process lasts approx. two years starting with internal testing at Microsoft, to Insider Preview, to CB, then CBB. Once a build has been marked RTM, it will be supported for 18 months, and Microsoft will only support two builds at a time.
Updates Feature Updates Quality Updates Feature Updates – These are released twice per year. For example: Windows 10 1511, 1607, 1703. These add new features to the operating system. In the past we would have to wait for a service pack or an entirely new operating system to be delivered to meet the business needs. Quality Updates - These are released monthly and are cumulative. When people ask me if they need to apply last month’s cumulative update before this months I tell them to look up the word cumulative! As the name implies, these updates grow bigger each month. The updates include both security fixes and non-security fixes. (Note: If you have Windows 10 1607 CU April 2017 or Windows 1703 you can deliver what are called express updates. These are just the differentials from the last cumulative update. https://docs.microsoft.com/en-us/sccm/sum/deploy-use/manage-express-installation-files-for-windows-10-updates
Why Are you changing things, Microsoft?! Did you enjoy troubleshooting Windows 7 patches and trying to figure out what patches to install and what patches to not install? Most organizations took a selective approach to software updates. This could result in newer updates not working since Microsoft tests all of their updates on a fully patched machine. Think of disk fragmentation. An optimized disk doesn’t have any fragmentation. That would be similar to a fully patched machine. With Windows as a Service Microsoft is ensuring that you can stay up to date with the latest features and security updates while maintaining consistency and reliability.
Setup Initial Setup Check sync status Create target collection(s) Pick the right stuff Might need a hotfix Check sync status Create target collection(s)
Links More reading: https://docs.microsoft.com/en-us/windows/deployment/update/waas-quick-start Much more reading: https://docs.microsoft.com/en-us/windows/deployment/update/waas-overview Don't like reading? https://channel9.msdn.com/events/speakers/Michael-Niehaus
DEMO TIME
Using servicing Setup Why?
Task sequences Setup Why? Do TS based because of control and logging!
Troubleshooting | Server Side Logging SUPSetup.log WCM.log WUSSyncXML.log objreplmgr.log ruleengine.log WSUSCtrl.log PatchDownloader.log wsyncmgr.log MP_Location.log
Troubleshooting | client side logging ScanAgent.log LocationServices.log CCMMessaging.log WindowsUpdate.log WUAHandler.log UpdatesStore.log StateMessage.log PolicyEvaluator.log RebootCoordinator.log UpdatesHandler.log ServiceWindowManager.log UpdatesDeployment.log SmsWusHandler.log ccmperf.log