If you’re planning your Windows 10 migration, the switch from BIOS-to-UEFI is a hugely important piece of the puzzle.
Unless all your Windows machines are configured to UEFI, your organization cannot take advantage of the special Windows 10 security features. Microsoft’s ‘MBR2GPT’ tool still only gets you part of the way there.
This webinar, ‘Automate BIOS-to-UEFI, 2018 Edition,’ hosted live from Redmond by Microsoft MVP Jörgen Nilsson and myself, will ensure you know how to complete the BIOS-to-UEFI process fully, securely and automatically.
Highlights from the Windows 10 MVP Q&A
Question: How do you propose I should keep 4,500 desktop and laptops across 90+ separate physical schools updated in an 18 month period?
Answer: This is a longer conversation and I would be happy to have it with you offline. The problem breaks down into 4 categories.
1.Hardware being compatible (Analytics Upgrade readiness will help here)
2.Software being tested and compatible (Windows Analytics really helps you focus here). Lots of FUD here that can easily be scoped.
3.Infrastructure – look for software solutions to reduce the number of servers and eliminate the network impact
4.User process – scheduling and control by the end user to ensure your timing is not disruptive (WOL is always a good call for education)
Question: So every windows 10 upgrade will be a clean install or it just retain the state with all settings and applications as in the previous version?
Answer: Upgrade is in place and leaves user state and applications 1untouched. Upgrades are the recommend path once you are windows 10 with UEFI. You will have the ability to back-out and upgrade assuming your space cleanup process has not run yet. There are several triggers for cleanup like running out of space. As for a clean install, you can use Imaging via SCCM to ensure that process is available for break-fix, new hire, replace, or security-based issues.I would be happy to talk more about the 4 major categories of Operating System Deployment (OSD).
Question: When will Windows 10 1703 go Current Branch for Business?
Answer: The term for Current Branch for Business (CBB) has been replaced by Semi-Annual Channel. The process to promote a deployment from Semi-Annual Targeted to Channel is based on you testing targeted in your environment than going broad.
Question: Can windows S be patched using SCCM? Can we define these folders via GPO? Why not protect them all?
Answer: I believe Windows 10 S Enterprise is to be managed via Intune as S does not allow you to run non Store applications. I have not seen any mention of SCCM/ConfigMgr in regards to Windows 10 S Enterprise.
Question: There are a lot of features not required in Enterprise which is making LTSC more attractive for a stable build to avoid build change cost.
Answer: Long Term Saving Branch is for very specific scenarios. I would not recommend LTSB for any internet connected device as there are too many exploits coming to quickly. LTSB has had issues with RSAT, software compatibility, MDM, windows hello, DoD requirements, lack or new hardware support (LTSB only supports silicon from when it was released), etc. That being said, LTSB does have very specific use cases as long as you are aware of all the pitfalls.
Question: Does it reinstall Store Apps?
Answer: During an upgrade, applications would not change. However, new features may be added.