Windows 10 vs Windows 7
-
@PhlipElder said in Windows 10 vs Windows 7:
We're flipping all of our clients over to Windows 10. It's a lot easier to maintain patch wise though the recent move to split-out .NET gives us a bit more complexity.
Whether Win7 or Win10 it's important to disable SMBv1. The following is PowerShell:
    # Disable on Windows 10
    Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol -Restart
    # Check
    Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

    # Check and Disable on Windows 7
    Get-Item HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters | ForEach-Object {Get-ItemProperty $_.pspath}
    # Disable SMBv1 on Windows 7
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force
    Restart-Computer

    # Disable on Windows Server 2012 RTM
    # Check
    Get-SmbServerConfiguration | Select EnableSMB1Protocol
    # Disable
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Confirm:$False
What do you mean, split out .NET?
You can install the latest version of .NET on both systems, and the only split .NET did was in 4.0, where they made one full and one for client; then they realized it was a mistake and never did it again.
-
@Emad-R said in Windows 10 vs Windows 7:
@PhlipElder said in Windows 10 vs Windows 7:
We're flipping all of our clients over to Windows 10. It's a lot easier to maintain patch wise though the recent move to split-out .NET gives us a bit more complexity.
Whether Win7 or Win10 it's important to disable SMBv1. The following is PowerShell:
    # Disable on Windows 10
    Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol -Restart
    # Check
    Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

    # Check and Disable on Windows 7
    Get-Item HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters | ForEach-Object {Get-ItemProperty $_.pspath}
    # Disable SMBv1 on Windows 7
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force
    Restart-Computer

    # Disable on Windows Server 2012 RTM
    # Check
    Get-SmbServerConfiguration | Select EnableSMB1Protocol
    # Disable
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Confirm:$False
What do you mean, split out .NET?
You can install the latest version of .NET on both systems, and the only split .NET did was in 4.0, where they made one full and one for client; then they realized it was a mistake and never did it again.
Windows 10 Update structure:
1: Servicing Stack Updates (Requires an acknowledgement prior to entry)
2: Latest Cumulative Update
3: Latest .NET Update for Windows 10 (I've not found a URL for this one yet)
Meaning, .NET will not be delivered in the LCU anymore.
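The three SMBv1 checks quoted earlier in this thread, combined into one read-only audit, as an added example that is not part of any poster's original code. It goes slightly further by also reading the SMBv1 client driver (mrxsmb10) start type, which the quoted commands do not touch; the function name Get-Smb1Status and the output field names are assumptions.

```powershell
# Added example: read-only SMBv1 audit. Get-Smb1Status is a hypothetical helper name.
# Written to run on PowerShell 2.0 (Windows 7) as well as later versions.
function Get-Smb1Status {
    $status = @{
        ComputerName    = $env:COMPUTERNAME
        OptionalFeature = 'n/a'
        ServerCmdlet    = 'n/a'
        ServerRegistry  = 'not set'
        ClientDriver    = 'not present'
        ServerSmb1      = 'enabled (OS default, nothing configured)'
    }

    # Windows 10 style: SMBv1 as an optional feature (requires an elevated session).
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        try {
            $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop
            if ($feature) { $status.OptionalFeature = [string]$feature.State }
        } catch {
            $status.OptionalFeature = 'query failed'
        }
    }

    # Server 2012 style: the SMB server configuration cmdlet.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        try {
            $cfg = Get-SmbServerConfiguration -ErrorAction Stop
            $status.ServerCmdlet = [string]$cfg.EnableSMB1Protocol
        } catch {
            $status.ServerCmdlet = 'query failed'
        }
    }

    # Windows 7 style: the LanmanServer registry value. A missing value means the
    # OS default applies, which on Windows 7 is SMBv1 enabled.
    $srvKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $srv = Get-ItemProperty -Path $srvKey -Name SMB1 -ErrorAction SilentlyContinue
    if ($srv) { $status.ServerRegistry = [string]$srv.SMB1 }

    # Client side: the mrxsmb10 driver. Start = 4 means the driver is disabled.
    $cliKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'
    $cli = Get-ItemProperty -Path $cliKey -Name Start -ErrorAction SilentlyContinue
    if ($cli) {
        if ($cli.Start -eq 4) { $status.ClientDriver = 'disabled' }
        else { $status.ClientDriver = "start type $($cli.Start)" }
    }

    # Server-side verdict: prefer the cmdlet, then the registry, then the feature state.
    if ($status.ServerCmdlet -eq 'True') {
        $status.ServerSmb1 = 'enabled'
    } elseif ($status.ServerCmdlet -eq 'False' -or $status.ServerRegistry -eq '0' -or
              $status.OptionalFeature -like 'Disabled*') {
        $status.ServerSmb1 = 'disabled'
    }

    New-Object PSObject -Property $status |
        Select-Object ComputerName, ServerSmb1, ClientDriver, OptionalFeature, ServerCmdlet, ServerRegistry
}

Get-Smb1Status | Format-List
```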
-
Speaking of Windows Updates. I literally just found my first Windows 10 machine that successfully detected 1809 and attempted to update. No word yet if it will be successful. But this is the VERY FIRST time that I've not had to use the media creation tool to get it to recognize that 1809 exists.
-
@scottalanmiller said in Windows 10 vs Windows 7:
Speaking of Windows Updates. I literally just found my first Windows 10 machine that successfully detected 1809 and attempted to update. No word yet if it will be successful. But this is the VERY FIRST time that I've not had to use the media creation tool to get it to recognize that 1809 exists.
From what I understand the throttling is being pulled off now.
-
@scottalanmiller said in Windows 10 vs Windows 7:
Speaking of Windows Updates. I literally just found my first Windows 10 machine that successfully detected 1809 and attempted to update. No word yet if it will be successful. But this is the VERY FIRST time that I've not had to use the media creation tool to get it to recognize that 1809 exists.
Also speaking of updates.
-
@JaredBusch said in Windows 10 vs Windows 7:
@scottalanmiller said in Windows 10 vs Windows 7:
Speaking of Windows Updates. I literally just found my first Windows 10 machine that successfully detected 1809 and attempted to update. No word yet if it will be successful. But this is the VERY FIRST time that I've not had to use the media creation tool to get it to recognize that 1809 exists.
Also speaking of updates.
FFS
Basically they just stated outright... Windows 10 isn't ready for production use. Which we knew, but they've made it official.
-
@scottalanmiller said in Windows 10 vs Windows 7:
@JaredBusch said in Windows 10 vs Windows 7:
@scottalanmiller said in Windows 10 vs Windows 7:
Speaking of Windows Updates. I literally just found my first Windows 10 machine that successfully detected 1809 and attempted to update. No word yet if it will be successful. But this is the VERY FIRST time that I've not had to use the media creation tool to get it to recognize that 1809 exists.
Also speaking of updates.
FFS
Basically they just stated outright... Windows 10 isn't ready for production use. Which we knew, but they've made it official.
Yeah, there was something on theregister or slashdot in the past couple of weeks about this. Makes me VERY happy that a) We're running WSUS at work to control this garbage and b) that I'm not the WSUS admin
-
@JaredBusch said in Windows 10 vs Windows 7:
@scottalanmiller said in Windows 10 vs Windows 7:
Speaking of Windows Updates. I literally just found my first Windows 10 machine that successfully detected 1809 and attempted to update. No word yet if it will be successful. But this is the VERY FIRST time that I've not had to use the media creation tool to get it to recognize that 1809 exists.
Also speaking of updates.
Hype, FUD, click-bait, whatever.
Jiminy Cricket folks sure love to blow their horns.
We've been on 1803 and our clients have and our contractor's clients have pretty much since it was released.
We've been deploying all new systems with 1809 patched and up to date because it just works.
I find that the primary problem with patching is a lack of regression testing by the folks doing the patching. For those that are, see www.patchmanagement.org and join the lists.
Microsoft has been "failing" at QA for patching for freaking years now. There's just too complex an ecosystem for them to cover all of the bases anyway so the idea that everyone's setup can be patched immediately is befuddling at best and suicidal at worst.
The reality is that we need to regression test and litmus test those patches to make sure they work for our systems. That's our responsibility not theirs.
Caveat: While the above is definitely a very not-so-humble opinion, Microsoft should have their collective defecation together at least for their own hardware line. But then again, folks install all sorts of stuff on their machines that seemingly take them off-spec so the above applies yet again.
The only patching issues we've had to date on the Windows 10 platform have been with users that took their machines out of deployment spec by installing whatever. Our in-spec Win10 deployments have been quite stable patch wise.
-
@PhlipElder said in Windows 10 vs Windows 7:
The reality is that we need to regression test and litmus test those patches to make sure they work for our systems. That's our responsibility not theirs.
For third party apps, yes. For the OS itself, no. No other OS puts OS testing on the end users. This just reinforces the thought that it's not production ready. Especially for the SMB space. Especially when test devices aren't licensed for free. Making things unstable means more sales, means less production ready.
What you are describing is a "lower bar" for Windows than for its competitors. You are asking the end users to accept a lesser product when considering Windows. Things we wouldn't find acceptable if it were macOS or Ubuntu. But when it's Windows, we are supposed to feel it is okay.
-
@PhlipElder said in Windows 10 vs Windows 7:
Caveat: While the above is definitely a very not-so-humble opinion, Microsoft should have their collective defecation together at least for their own hardware line.
To their credit, they seem to fix their own stuff last and not use having their own hardware as a way to screw their hardware competitors. They definitely treat Surface users as the red headed stepchildren instead of treating them as the favoured children. Which is how it needs to be to not alienate everyone else.
-
@scottalanmiller said in Windows 10 vs Windows 7:
@PhlipElder said in Windows 10 vs Windows 7:
The reality is that we need to regression test and litmus test those patches to make sure they work for our systems. That's our responsibility not theirs.
For third party apps, yes. For the OS itself, no. No other OS puts OS testing on the end users. This just reinforces the thought that it's not production ready. Especially for the SMB space. Especially when test devices aren't licensed for free. Making things unstable means more sales, means less production ready.
What you are describing is a "lower bar" for Windows than for its competitors. You are asking the end users to accept a lesser product when considering Windows. Things we wouldn't find acceptable if it were macOS or Ubuntu. But when it's Windows, we are supposed to feel it is okay.
macOS. Yeah, right. We've had our fair share of problems on that platform as well as the iOS too.
I'm not sure I've ever met an admin that would trust an OS update/upgrade from any vendor out of the box without testing it at all ... just blindly install everything that comes their way. <-- @scottalanmiller Is that what's being claimed here?
-
@PhlipElder said in Windows 10 vs Windows 7:
I'm not sure I've ever met an admin that would trust an OS update/upgrade from any vendor out of the box without testing it at all ... just blindly install everything that comes their way. <-- @scottalanmiller Is that what's being claimed here?
Yes, that's how nearly all SMB works. In the real world, the vast majority of companies are either unwilling or unable to pay for testing gear and licenses. And of the few that do, most don't have reliable testing mechanisms. And even of those, it doesn't always work because things still vary that can't be accounted for, especially when talking about desktops.
Everyone knows that testing is a great idea. But it's crazy to think that SMBs can actually do it. Thankfully, with things like Fedora, there isn't a fear around it, that's unique to the Windows space. Is it known that it could be an issue? Sure. But it's also known to be a ridiculously minor concern, something that is more theoretical than real. It is exclusive to the Windows world that testing is so important, and also unique that it is so hard and costly.
But given real world factors, it's totally unrealistic to expect small companies to test updates. How do you perceive that working? Even having uniform environments is incredibly rare. Given that most companies can't get the basics covered in their budgets, budgeting a large amount for testing that does almost nothing for them doesn't make good IT sense.
Remember that the cost of testing is very high for small environments. In the enterprise, doing basic testing for 50,000 users has a trivial per user cost. In a five person environment, the testing needs are about the same, but the cost per user is literally 10,000 times higher.
-
@PhlipElder said in Windows 10 vs Windows 7:
... just blindly install everything that comes their way. <-- @scottalanmiller Is that what's being claimed here?
SMBs basically have two choices. The good one... trust that your vendor knows what they are doing and install their patches. This works in every production ready ecosystem 99.99% of the time. And until recently, worked with Windows.
The other choice is to avoid updates. As testing is too costly (and in many environments, too hard), and they have a fear of their platform vendor's competence, they decide to simply not patch. This is unfortunately what seems to be the more common option.
-
Now, of course, in the MSP space, the resources exist to do testing. But....
Imagine MSPs asking customers to provide testing hardware, licensing, and to pay for IT labour to do testing. The average customer will simply laugh and say "no". End of story. Some customers will actually see it as a blatant money grab to get billable hours. All while adding some types of risk from delaying patches or risking missing them. Testing brings its own risks, even when well funded and with good processes.
Are there MSP customers willing to do this? Yes. Are they common? Not at all. Every MSP wants them, because those are the customers that pay the best. But they are extremely rare. And in most cases, the customers who refuse testing are probably doing the right thing. Run the numbers, you have to have good backups and recovery processes. The risks of bad updates are generally really small. Inconvenient, but small.
Impacts from bad patches are normally annoying but trivial. Wasting time rolling back, putting up with glitches, or worst case, re-installing. Not good, but not actually a big deal. Considering even those cases are rare, the cost of testing typically is larger than the risk it is protecting against.
-
@scottalanmiller said in Windows 10 vs Windows 7:
@PhlipElder said in Windows 10 vs Windows 7:
I'm not sure I've ever met an admin that would trust an OS update/upgrade from any vendor out of the box without testing it at all ... just blindly install everything that comes their way. <-- @scottalanmiller Is that what's being claimed here?
Yes, that's how nearly all SMB works. In the real world, the vast majority of companies are either unwilling or unable to pay for testing gear and licenses. And of the few that do, most don't have reliable testing mechanisms. And even of those, it doesn't always work because things still vary that can't be accounted for, especially when talking about desktops.
Everyone knows that testing is a great idea. But it's crazy to think that SMBs can actually do it. Thankfully, with things like Fedora, there isn't a fear around it, that's unique to the Windows space. Is it known that it could be an issue? Sure. But it's also known to be a ridiculously minor concern, something that is more theoretical than real. It is exclusive to the Windows world that testing is so important, and also unique that it is so hard and costly.
But given real world factors, it's totally unrealistic to expect small companies to test updates. How do you perceive that working? Even having uniform environments is incredibly rare. Given that most companies can't get the basics covered in their budgets, budgeting a large amount for testing that does almost nothing for them doesn't make good IT sense.
Remember that the cost of testing is very high for small environments. In the enterprise, doing basic testing for 50,000 users has a trivial per user cost. In a five person environment, the testing needs are about the same, but the cost per user is literally 10,000 times higher.
Our SMB clients have been paying us to regression test and deploy patches for years. That's what we're here for. But then, we're the exception to the rule and thus the "All SMB belongs in the cloud" attitude at Microsoft.
As far as avoiding patches that's been going on since I can remember with the old rule of thumb being no OS upgrade/changes until SP1 comes down the pipe. So, nothing has changed there on most any platform.
-
@scottalanmiller said in Windows 10 vs Windows 7:
Now, of course, in the MSP space, the resources exist to do testing. But....
Imagine MSPs asking customers to provide testing hardware, licensing, and to pay for IT labour to do testing. ...>
We have our own lab to test with. Our clients pay a small monthly fee that's part of their monthly management. We use that fee to keep the lab relatively up to date.
There's no excuse for any IT company to not have a lab to work with whether provided for by their partner vendors or built-out on their own. None. Nada. Zippo.
-
@PhlipElder said in Windows 10 vs Windows 7:
@scottalanmiller said in Windows 10 vs Windows 7:
@PhlipElder said in Windows 10 vs Windows 7:
I'm not sure I've ever met an admin that would trust an OS update/upgrade from any vendor out of the box without testing it at all ... just blindly install everything that comes their way. <-- @scottalanmiller Is that what's being claimed here?
Yes, that's how nearly all SMB works. In the real world, the vast majority of companies are either unwilling or unable to pay for testing gear and licenses. And of the few that do, most don't have reliable testing mechanisms. And even of those, it doesn't always work because things still vary that can't be accounted for, especially when talking about desktops.
Everyone knows that testing is a great idea. But it's crazy to think that SMBs can actually do it. Thankfully, with things like Fedora, there isn't a fear around it, that's unique to the Windows space. Is it known that it could be an issue? Sure. But it's also known to be a ridiculously minor concern, something that is more theoretical than real. It is exclusive to the Windows world that testing is so important, and also unique that it is so hard and costly.
But given real world factors, it's totally unrealistic to expect small companies to test updates. How do you perceive that working? Even having uniform environments is incredibly rare. Given that most companies can't get the basics covered in their budgets, budgeting a large amount for testing that does almost nothing for them doesn't make good IT sense.
Remember that the cost of testing is very high for small environments. In the enterprise, doing basic testing for 50,000 users has a trivial per user cost. In a five person environment, the testing needs are about the same, but the cost per user is literally 10,000 times higher.
Our SMB clients have been paying us to regression test and deploy patches for years. That's what we're here for. But then, we're the exception to the rule and thus the "All SMB belongs in the cloud" attitude at Microsoft.
As far as avoiding patches that's been going on since I can remember with the old rule of thumb being no OS upgrade/changes until SP1 comes down the pipe. So, nothing has changed there on most any platform.
A key difference is when we see an MS shop, we essentially expect people to be avoiding patches and updates. I mean heck, this THREAD is about avoiding updates in the Windows world. That's the topic that got us here.
It happens on other OSes, but it is rare. When we walk into a Linux shop, we might see people using LTS releases, but it's quite unexpected to find systems that aren't recently updated.
-
@PhlipElder said in Windows 10 vs Windows 7:
@scottalanmiller said in Windows 10 vs Windows 7:
Now, of course, in the MSP space, the resources exist to do testing. But....
Imagine MSPs asking customers to provide testing hardware, licensing, and to pay for IT labour to do testing. ...>
We have our own lab to test with. Our clients pay a small monthly fee that's part of their monthly management. We use that fee to keep the lab relatively up to date.
That's a very high cost endeavor, though. Because you have to make it unique to each customer or force customers to mirror you. Great if you have that kind of customer, but ITSPs and internal IT departments don't. So each customer has to cover that cost themselves. So being an MSP doesn't change the financial decisions in any way.
-
@PhlipElder said in Windows 10 vs Windows 7:
There's no excuse for any IT company to not have a lab to work with whether provided for by their partner vendors or built-out on their own. None. Nada. Zippo.
Completely untrue. This is myopic and out of touch with reality. I can take you through the math time and time again with real world customers and show how crazy this is.
Companies with five desktops, no servers... and question whether to have IT at all... and you think they should have labs built somewhere? Even a single desktop lab is a 20% hardware lift over their stock environment. That's crazy for testing that might... might save them 5% cost.
Nothing in IT is an "always". Nothing. Not even backups, although they come close. Once you lose sight of that and start having templates that everyone has to conform to, crazy things start happening.
-
@scottalanmiller said in Windows 10 vs Windows 7:
@PhlipElder said in Windows 10 vs Windows 7:
There's no excuse for any IT company to not have a lab to work with whether provided for by their partner vendors or built-out on their own. None. Nada. Zippo.
Completely untrue. This is myopic and out of touch with reality. I can take you through the math time and time again with real world customers and show how crazy this is.
Companies with five desktops, no servers... and question whether to have IT at all... and you think they should have labs built somewhere? Even a single desktop lab is a 20% hardware lift over their stock environment. That's crazy for testing that might... might save them 5% cost.
Nothing in IT is an "always". Nothing. Not even backups, although they come close. Once you lose sight of that and start having templates that everyone has to conform to, crazy things start happening.
This does not line up with the point made. We have the lab. Not our clients. Plus, the clients we lab for on-premises have our on-premises gear in place. We also have a lab set up in the cloud for the same reasons for those that do not have any on-premises gear.
Apples to Apples please.
There is no reference on my part for a SMB to have their own lab.