Windows 10 has only been available to the public since July 2015, or barely four (4) months. Yet the appeal and buzz have been so strong that many enterprise customers are well into their evaluations of it as their next big IT rollout project. Many are actually well into a production rollout. Having been in and around several of these projects, I’ve gathered some thoughts and notes about patterns and success stories. This is a brief dump of thoughts pertaining to what I’ve seen.
Upgrade or Bare Metal
The dreaded, “wipe-and-load”, deployments are still there, but the “in-place upgrade” is by far the better way to go – if you can. Most customers I’ve encountered so far are well-positioned for the in-place upgrade scenario. This may seem questionable to people who’ve only tried that with older versions of Windows. But trust me (if you dare), and Microsoft, the in-place upgrade is damn-near flawless and simple.
The caveats are fairly short, but also not unexpected:
- Major changes: Using third-party disk encryption, changing language settings, or replacing/upgrading most of the installed applications, renaming computers or changing domains: You should consider a bare metal “wipe-and-load” approach.
- OEM pre-installed devices: if you want to remove bloatware, adjust settings, and join to your corporate domain, use the ICD tool within the ADK for Windows 10.
- Otherwise: If you don’t need to upgrade “most” of the applications, and you’re not using disk encryption or changing language platform settings, give the in-place upgrade option a serious consideration.
Test Test Test
One mistake I’ve seen a few times is when a customer doesn’t include enough scenarios when testing for a potential production deployment. Identify your core platform configuration types, and be sure to test on each one of them. For example, if you have desktops, laptops and tablets. Or if you have a mix of 32 bit and 64 bit clients.
You may not need to test every application, but you should test devices by model or driver configuration. So, if you have five (5) different devices by a given manufacturer, but they all use similar drivers, you could likely test just one of them. If you have time and resources, the more you test the better off you’ll be (and better prepared to respond to management questions at status meetings).
Edge and Internet Explorer
Edge is obviously new, and still evolving somewhat. While it technically supports all the things a modern browser should support, it’s identity signature causes some problems for web sites which run the usual JS/CSS client selection gauntlet. This translates into issues where some web sites (including Microsoft’s) may balk and tell you to open them in IE.
While you continue to evaluate Edge (and you should), you can control the end-user experience using Group Policy. With some very simple GPO settings, you can set the default browser to IE. And if you really want to get ugly, you can block Edge using an App Locker policy setting (enterprise editions only).
Most Common Headaches
These are what I’ve seen most often with regards to 64-bit deployments of Windows 10, but to be fair, these are pretty much the same as when going to Windows 7 or 8.1 on 64-bit, as well as deploying an Office upgrade.
- 32-bit Applications with hardware driver requirements
- Office add-ins which are version-specific
- IE extensions (by version and with regards to using Edge)
- Access database apps (Office version related)
- Crapware apps
I’ve seen very, very few problems with Word, Excel and PowerPoint data when going from as far back as Office 2007 to Office 2016/365. It’s usually Access that ends up clogging the toilet. As far as the “crapware” items, those will involve correspondence with the developers and patience. A lot of them will be eager to keep you as a customer, so they will help if they can, but you have to ask. They can’t read your mind.
Familiarize yourself with the Microsoft Solution Accelerators
If you can employ the in-place upgrade option, use it. Much less of a headache and very reliable.
Make sure you update to the latest MDT 2013 for Windows 10.
If you’re dealing with Surface Pro 3 devices (or any special kind of device) be sure to check with the vendor for latest firmware and software to help with imaging and configuration.
If you’re using System Center ConfigMgr 2012, update to the latest service pack and cumulative update, and update ADK and MDT as well. And while you’re at it, perform a health check of your ConfigMgr site hierarchy and site systems. Review site boundaries and boundary groups, and update them if necessary. Make sure everything is working properly and running “clean” (green, not red). Do the same for your SQL Server environment.
Clean up Active Directory. Review your DNS scavenging and DHCP settings to insure you’re keeping the accounts clean and the address assignments are accurately maintained. This is more applicable to environments which employ SCCM and tools like that, but still relevant for all environments.
Review security roles and staffing. Make sure people are given the permissions to do only what they need, and make sure that those permissions are applied only to the appropriate resources. This isn’t necessary for deploying Windows 10, but it helps keep invisible hands out of the kitchen along the way.
Of all the third-party applications I’ve encountered thus far, which is around 400, very few seem to have issues with upgrading from Windows 7 to Windows 10. It’s really more about the 32/64 bit OS installation or other aspects like Group Policy. 400 is obviously a low number and barely scratches the surface.
Don’t rush it! Plan plan plan plan then test test test – THEN deploy.
Hire a consultant. Not because we need the money (it helps though), but it buys you “plausible deniability” and “extra eyes and hands”. Be sure to ask for customer references.