Win 10 Ent. compared to Win 10 Ent. LTSB what would be the right decision?
-
So, despite the ridiculous amount of changes (some really dumb ones, google demystifying dual scan, and then read the windows 10 wsus group policy documentation to find some conflicting ones) I would still recommend the Current Branch for Business. We’ll actually they recently changed the naming to be Semi-annual Channel for CBB and Semi-Annual-Channel (Targeted) for Current Branch.
While I certainly was all about the LTSB at first, there are some issues with it I have discovered.
One of the bigger ones is the lack of support for “new silicone” I don’t have time to go find the articles at the moment, but I’ve read a few microsoft and third party posts on how LTSB won’t support the latest chipsets as they come out. So in other words, if you have a image setup with LTSB 2015, but you have a new computer with a cpu/chipset that came out in 2018 with some fancy new features, you won’t be able to install LTSB on that new computer, or at least you won’t be supposed to be able to.
Also, while I was rather hesitant to allow access to the windows store, as I started adding surface type touch screens to our environment I’ve come to find it more and more useful. Also, there are plenty of group policies to disable access to the windows store.
Also, reading about the new features and such as they come out, kept making me want the new features. A more flexible and customizable windows update experience, new powershell cmdlets, and all sorts of things to play with.
Personally the whole no support for new silicone thing is what converted me.
Plus, we want to have a regular imaging schedule and the now semi-annual release schedule gives us a schedule to deploy fresh images. Which we intend to do instead of deploying the new releases through wsus. Updating from one release to another tends to lose some customizations like lockscreen images and custom account pictures. Plus they tend to change some of the features surrounding those customizations, so updating the ol unattend file and setupcomplete type scripts on that regular basis to be able to take advantage of new features is prolly a good idea. Also, have you checked out windows imaging configuration designer to make provisioning packages? It’s pretty sweet.So in short, due to recent changes to the windows as a service paradigm and choices in support rules for LTSB, unless you are using the same hardware for something for 10 years that needs to not have any risks of new features, and perhaps has some legacy software needs. Then LTSB is the way to go. If you are just looking to shirk away from pieces of windows 10 like the store and such, you should not go with LTSB and either embrace the changes, or create more restrictive group policies. Especially since you become so very stuck with any version of LTSB since you can only update to another iteration with a fresh install/image.
If you for some reason don’t have a AD to deploy group policies you can utilize provisioning packages and for policies not yet supported there you can learn to utilize the https://github.com/dlwyatt/PolicyFileEditor powershell module to deploy local group policies.
That’s my 2 (maybe it’s more like 200) cents on the matter.
-
Windows 10 Enterprise LTSB
-
@x23piracy Yes I realize Paint is in LTSB - I don’t know why I said paint earlier. I remembered wrong. LTSB originally did not have a default photo viewer at all.
-
@jj-fullmer you should look at UE-V if you want to keep lock screens between users and machines. I use it here and we can allows Windows 10 and Virtual Windows 10 users to keep the complete desktop experience. Wallpaper, Signatures, Outlook Cache. Even settings from applications that they setup such as mRemoteNG (remote desktop emulation program.) It is a pain to learn but what isn’t these days.
-
It looks like LTSB is receiving online updates, i read about that this is only possible via SCM, WSUS or manual.
This was maybe only with LTSB 2015 and not with 2016 or was this just a rumor (lie).From what i can say is that my LTSB 2016 is getting online updates.
Regards X23
-
@x23piracy It has always gotten updates via online. All version I have used gets online updates so long as it is activated.
-
@psycholiquid if so i don’t see any reason why not use ltsb in my case.
-
@x23piracy Like we have all said it is personal preference, and what you will to put up with, the Photo viewer thing that @Wayne-Workman brought up was a big issue here until I put my foot down and told them to use Word.
-
@psycholiquid i need to say regular Windows 10 1703 has stopped at some point respecting Irfanview as Photoviewer, it doesn’t present it at the defaults app if you click the box that offers possible applications.
Is MS playing dirty here? Or is that just a bug?
I will now try to install Irfanview in my test VM and will report if it offers it as photoviewer.Regards X23
-
@psycholiquid irfanview will be offered and it has been set as default after install:
-
I really like that there are no default apps by default in LTSB
-
@x23piracy In 1607 and I believe it was improved in 1703, there is no the ability to set defaults via a xml file in group policy. There was a bug with defaults back in 1511 and I think it shows back up here and there at times.
Basically you set up your associations as you would like, then run an export command, I believe it is a part of dism. Then you can either
- put the xml file in the system32 folder
- Put it on a public file share and reference it with a AD gpo
- create a provisioning package with ICD to deploy it locally as needed.
If you can’t find the documentation on this, I’ll try to find it again.
Also, an advantage to say the AD gpo of doing this is, let’s say some program suddenly stops working as a default for some file extension for whatever reason (it’s happened to me with chrome taking over as a pdf viewer, or after telling chrome through the google chrome admx group polices to not be used as a pdf viewer at all but it still being set as the default pdf application so pdf’s can’t be opened at all) then you can quickly change everyone’s default programs by just editing or replacing a file with the proper default associations. -
@psycholiquid In the past I have been creating scripts to create and deploy default profiles for each department. Giving a nice starting point with all the needed programs. UE-V looks intriguing, how do you use it? It looks like it’s a per user kind of thing from what I’ve read thus far. I would rather have a per department thing to start with then maybe add a user personalization backup kind of thing on top of that. If there’s any quick pointers you can offer, I would greatly appreciate it.
-
@x23piracy One other caveat to consider is the amount of changes that happen. With each release I am having to adopt the official windows way of deployment and customization a little more. Granted a lot of that are things that weren’t able to be easily done with built-in tools. Point being, if you are keeping up with all the changes, the changes to your deployment infrastructure are relatively small and you’re constantly learning how to use all the new toys. If you only have LTSB, then you’re going to have to learn and adapt to 2-3 years of changes each time you update your image to a new iteration. That would be quite a lot of change to manage. If you only have a few ltsb devices, but also are keeping up on the latest releases on other devices, the new ltsb release won’t require changes because you’ll be up to date on whatever new features and settings are added to the next LTSB.
Honestly, I understand wanting to stick with LTSB. I finally convinced myself to step away from it and understand the way microsoft is trying to do it and instead of trying to manipulate their ideas to work for me, just using it as intended. In the long run it makes your life easier and helps you to keep up on the latest in Microsoft’s configurations. So I would strongly encourage anyone with normal desktop computers to not solely use LTSB to avoid the future headaches that are sure to strike without warning. I’m just trying to help save you from the many headaches that I am currently correcting as I fix my mistake of going to LTSB as my original windows 10 deployment and now as I want a more universal and dynamic support structure that the semi-annual channel releases provide more and more with each update. Of course it’s your choice.
-
@jj-fullmer i was working with Windows 10 Professional in the past, i know what your talking about but in the actual situation i am heavily prepared for LTSB 2016 because it’s based on 1607, i’ve started generaliziing with 1511 and the last i did was 1703.
But your right and it’s a good point to may have LTSB and Enterprise (without LTSB) combined. But in my dreams i just want to maintain one golden for all if possible.
Regards X23
-
@x23piracy That is why I’ve just started to do one golden that I’ll fully update twice a year with each release and each monthly cumulative update to on a regular basis to simplify updates after imaging as well.
-
@jj-fullmer In the past i just did this only on half of the time when a new major has been released and directly after a major has been released. Since the updates are cumulative each month i am a bit lazy with it
-
@jj-fullmer said in Win 10 Ent. compared to Win 10 Ent. LTSB what would be the right decision?:
@psycholiquid In the past I have been creating scripts to create and deploy default profiles for each department. Giving a nice starting point with all the needed programs. UE-V looks intriguing, how do you use it? It looks like it’s a per user kind of thing from what I’ve read thus far. I would rather have a per department thing to start with then maybe add a user personalization backup kind of thing on top of that. If there’s any quick pointers you can offer, I would greatly appreciate it.
It is definitely a per user thing. I use it to backup the users Application settings such as Outlook and WinSCP and others. IT works alot better than Citrix or the old way of doing roaming profiles (Not folder redirection) as it uses xml files and small zipped packages to keep settings.
I can tell you that it is best to work with 1703 as the old version did not have t setup as a service making it a bit harder to work with but that is what I get for working in beta right? IT does work on the fly so it isn`t something you have to reboot every machine for either. Here is a custom script I use to backup users WinSCP settings:
<?xml version="1.0"?> <SettingsLocationTemplate xmlns="http://schemas.microsoft.com/UserExperienceVirtualization/2013A/SettingsLocationTemplate"> <Name>WinSCP: SFTP, FTP, WebDAV and SCP client</Name> <ID>WinSCP-WinSCP-v-5-9</ID> <Version>1</Version> <Author> <Name>Jeremy Gravel</Name> <Email>user@email.com</Email> </Author> <Processes> <Process> <Filename>WinSCP.exe</Filename> </Process> </Processes> <Settings> <Registry> <Path Recursive="true">Software\Martin Prikryl</Path> </Registry> <File> <Root> <EnvironmentVariable>APPDATA</EnvironmentVariable> </Root> <Path /> <FileMask>winscp.rnd</FileMask> </File> </Settings> </SettingsLocationTemplate>
This really just pulls their reg files ann some folders and files which I designate in the xml
Example of the files being backed up to the folders:
Here is another example backing up all version of Chrome (allows for updates to versions):
<?xml version="1.0"?> <SettingsLocationTemplate xmlns="http://schemas.microsoft.com/UserExperienceVirtualization/2013A/SettingsLocationTemplate"> <Name>Google Chrome</Name> <ID>Google-Chrome-chrome-v-58-0</ID> <Version>1</Version> <Author> <Name>Jeremy Gravel</Name> <Email>user@email.com</Email> </Author> <Processes> <Process> <Filename>chrome.exe</Filename> </Process> </Processes> <Settings> <Registry> <Path>Software\Google</Path> </Registry> <Registry> <Path>Software\Google\Chrome</Path> </Registry> <Registry> <Path>Software\Google\Chrome\BLBeacon</Path> </Registry> <Registry> <Path>Software\Google\Chrome\BrowserExitCodes</Path> </Registry> <Registry> <Path>Software\Google\Chrome\StabilityMetrics</Path> </Registry> <Registry> <Path Recursive="true">Software\Google\Chrome\PreferenceMACs</Path> </Registry> <Registry> <Path>Software\Google\Chrome\Extensions</Path> </Registry> <Registry> <Path>Software\Google\Chrome\NativeMessagingHosts</Path> </Registry> <Registry> <Path>Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}</Path> </Registry> <Registry> <Path Recursive="true">Software\Google\Software Removal Tool</Path> </Registry> <Registry> <Path>Software\RegisteredApplications</Path> </Registry> <Registry> <Path>Software\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities</Path> </Registry> <Registry> <Path>Software\Clients\StartMenuInternet\FIREFOX.EXE\Capabilities\URLAssociations</Path> </Registry> <File> <Root> <EnvironmentVariable>LOCALAPPDATA</EnvironmentVariable> </Root> <Path>Google\Chrome\User Data\Crashpad</Path> <FileMask>settings.dat</FileMask> </File> <File> <Root> <EnvironmentVariable>LOCALAPPDATA</EnvironmentVariable> </Root> <Path>Google\Chrome\User Data\Crashpad</Path> <FileMask>metadata</FileMask> </File> <File> <Root> <EnvironmentVariable>LOCALAPPDATA</EnvironmentVariable> </Root> <Path>Google\Chrome\User Data\Default</Path> <FileMask>Preferences</FileMask> </File> <File> <Root> <EnvironmentVariable>LOCALAPPDATA</EnvironmentVariable> </Root> <Path>Google\Chrome\User Data\Default</Path> <FileMask>Secure Preferences</FileMask> </File> <File> <Root> <EnvironmentVariable>LOCALAPPDATA</EnvironmentVariable> </Root> <Path>Google\Chrome\User Data\Default</Path> <FileMask>Visited Links</FileMask> </File> <File> <Root> <EnvironmentVariable>LOCALAPPDATA</EnvironmentVariable> </Root> <Path>Google\Chrome\User Data\Default</Path> <FileMask>History-journal</FileMask> </File> <File> <Root> <EnvironmentVariable>LOCALAPPDATA</EnvironmentVariable> </Root> <Path>Google\Chrome\User Data\Default</Path> <FileMask>Login Data</FileMask> </File> <File> <Root> <EnvironmentVariable>LOCALAPPDATA</EnvironmentVariable> </Root> <Path>Google\Chrome\User Data\Default</Path> <FileMask>Bookmarks</FileMask> </File> <File> <Root> <EnvironmentVariable>LOCALAPPDATA</EnvironmentVariable> </Root> <Path>Google\Chrome\User Data\Default</Path> <FileMask>Last Session</FileMask> </File> <File> <Root> <EnvironmentVariable>LOCALAPPDATA</EnvironmentVariable> </Root> <Path>Google\Chrome\User Data\Default</Path> <FileMask>Current Session</FileMask> </File> <File> <Root> <EnvironmentVariable>LOCALAPPDATA</EnvironmentVariable> </Root> <Path>Google\Chrome\User Data\Default</Path> <FileMask>Cookies</FileMask> </File> <File> <Root> <EnvironmentVariable>LOCALAPPDATA</EnvironmentVariable> </Root> <Path>Google\Chrome\User Data\Default</Path> <FileMask>Cookies-journal</FileMask> </File> </Settings> </SettingsLocationTemplate>
-
@psycholiquid So if I want to still have a starting point for new users I’ll still need to create custom default profiles. Thank you very much for your examples. I hadn’t found a clear definition of settings location template, it makes so much sense now, it’s a template for where to find the location of the settings to backup, duh. I think I just wanted it to be a template of starter settings.
I think I will most definitely be adding this to my infrastructure. -
I am really glad that i started that discussion