Enterprise Best Practice Windows 10 Updates
-
I do not agree with the tiered approach either.
Also, MS just announced last week that 1511 is now considered the current branch, so you all would be on the level anyhow.
But, even if you did do this, the main difference, from what I can tell is that your slow ring people would be on the last major revision and the normal ring would be current, but everyone would be on the same security patches level as MS will be releasing them for both.
It might be easier to think about Service Packs. Again, from what I understand, your solution will have staggered Service Packs. But MS has in general released the security updates for the current and one previous SP.
-
We are about a week behind on workstations. I have a test target group of about 20 computers that I push updates to first. If all goes well, the rest get them. I never really have issues with workstation updates.
-
@IRJ said:
We are about a week behind on workstations. I have a test target group of about 20 computers that I push updates to first. If all goes well, the rest get them. I never really have issues with workstation updates.
I had two issues last year. Outlook had a problem with a view after an update last year. Don't recall the other one.
-
@Dashrender We've had quite a number of issues.
Surface Pro 4s: Waking from sleep mode and the video signal doesn't pass thru, Touchscreen fails to initialize, the usual...freezing, hotbag, multitouch issues, other mouse issues (erratic behavior/skipping and clicking around screen randomly)
Surface Pro 3: Wifi related issue (only one case thankfully)
All others: Issues with Outlook (Common cursor issue with one of the latest 2016 updates), Excel crashing, resolution stuck at 640x320 while using display port cables, Windows Freezing/lockups (pre-1511), video driver crashing (Intel), Broken activations after upgrading to 1511 (all machines....), applocker breaking, no directaccess issues so that's nice
For the most part it's been great, but we're just trying to see if there's a recommended or a best practice with going about putting users in different update rings.Thank you all for your input, look forward to continuing to read all your feedback.
-
@Dashrender And the main reason for delaying updates would be for builds, besides the activation issues we've had (and the over 30 hours of being on the phone with Microsoft to get them to add now 100 more activations to our MAK), we've had the latest build break a large number of our Trend Micro installs.
Builds seems to wreck things, despite fixing a huge number of bugs -
MAKs? why are you using MAKs? unless your fleet is never in the office?
-
@kamidon said:
@Dashrender We've had quite a number of issues.
Surface Pro 4s: Waking from sleep mode and the video signal doesn't pass thru, Touchscreen fails to initialize, the usual...freezing, hotbag, multitouch issues, other mouse issues (erratic behavior/skipping and clicking around screen randomly)
Surface Pro 3: Wifi related issue (only one case thankfully)
All others: Issues with Outlook (Common cursor issue with one of the latest 2016 updates), Excel crashing, resolution stuck at 640x320 while using display port cables, Windows Freezing/lockups (pre-1511), video driver crashing (Intel), Broken activations after upgrading to 1511 (all machines....), applocker breaking, no directaccess issues so that's nice
For the most part it's been great, but we're just trying to see if there's a recommended or a best practice with going about putting users in different update rings.Thank you all for your input, look forward to continuing to read all your feedback.
These issues aren't related to Windows 10. Surface Pro's are poor quality machines. we've abonded them. And we had a good number in service (maybe 500-100)
-
@Dashrender said:
MAKs? why are you using MAKs? unless your fleet is never in the office?
Depends on the sites of the company. KMS is great for server but when you are a large enterprise with different business units (and budgets) for end users then KMS can be a management nightmare.
-
@Jason said:
@Dashrender said:
MAKs? why are you using MAKs? unless your fleet is never in the office?
Depends on the sites of the company. KMS is great for server but when you are a large enterprise with different business units (and budgets) for end users then KMS can be a management nightmare.
How so? KMS doesn't care about actual paid licenses. One KMS server can (though probably shouldn't) handle a 20,000 employee/device company and only requires that you have a single KMS license. The actual license aspect is completely unrelated - i.e. each department can pay for their own stuff like they have before.
-
@Dashrender said:
@Jason said:
@Dashrender said:
MAKs? why are you using MAKs? unless your fleet is never in the office?
Depends on the sites of the company. KMS is great for server but when you are a large enterprise with different business units (and budgets) for end users then KMS can be a management nightmare.
How so? KMS doesn't care about actual paid licenses. One KMS server can (though probably shouldn't) handle a 20,000 employee/device company and only requires that you have a single KMS license. The actual license aspect is completely unrelated - i.e. each department can pay for their own stuff like they have before.
It said it's a management nightmare not that it can't. We have separate Keys for each business unit (not the same as a department at all https://en.wikipedia.org/wiki/Strategic_business_unit). Using KMS is harder to keep track of. Microsoft has even admitted KMS is usually bad and how company get in licensing trouble.
It takes all of two seconds for our technicians to enter a key. From a list and at the same time put the computer/user in a database for keeping track of licensing. If you have KMS it will just activate itself.
-
@Jason said:
@Dashrender said:
@Jason said:
@Dashrender said:
MAKs? why are you using MAKs? unless your fleet is never in the office?
Depends on the sites of the company. KMS is great for server but when you are a large enterprise with different business units (and budgets) for end users then KMS can be a management nightmare.
How so? KMS doesn't care about actual paid licenses. One KMS server can (though probably shouldn't) handle a 20,000 employee/device company and only requires that you have a single KMS license. The actual license aspect is completely unrelated - i.e. each department can pay for their own stuff like they have before.
It said it's a management nightmare not that it can't. We have separate Keys for each business unit (not the same as a department at all https://en.wikipedia.org/wiki/Strategic_business_unit). Using KMS is harder to keep track of. Microsoft has even admitted KMS is usually bad and how company get in licensing trouble.
It takes all of two seconds for our technicians to enter a key. From a list and at the same time put the computer/user in a database for keeping track of licensing. If you have KMS it will just activate itself.
Sounds like you really have a problem at purchasing. It should be their responsibility to ensure that licensing exists for the purchases you make. Spreading that responsibility around the company, department to department means multiple people have to understand how it works, and track things, etc. When time for an audit comes, you have to talk to everyone, not just a single department for the whole company. that definitely seems like a nightmare.
-
@Dashrender said:
Sounds like you really have a problem at purchasing. It should be their responsibility to ensure that licensing exists for the purchases you make. Spreading that responsibility around the company, department to department means multiple people have to understand how it works, and track things, etc. When time for an audit comes, you have to talk to everyone, not just a single department for the whole company. that definitely seems like a nightmare.
Where do you get multiple people do the purchasing? and even if they did there's no problem with that. We can see the amounts in our online portals.
-
Then where are you getting in trouble? If purchasing is making all the buying - and IT is just deploying what purchasing is supplying, you should never have a license mismatch, and KMS would be fine.