For those of you who have started deploying Windows 10 1607, you might notice a change in the behavior of the Windows Update agent for PCs that are configured to pull updates from WSUS. Instead of pulling the updates from WSUS, PCs may start grabbing them from peers on your network, leveraging the Delivery Optimization service for referrals to other PCs that have already obtained the content. This change should generally help reduce the amount of network traffic being generated for both quality (monthly) updates and feature updates, offloading that traffic from the WSUS server. It will add some additional traffic between each client PC and the Delivery Optimization service on the internet, as it has to talk to this internet-only service in order to get a list of peers.
If the Windows Update agent can’t talk to the Delivery Optimization service (due to firewall or proxy configurations), or if there are no peers able to provide the content, it will then go ahead and grab the content from the WSUS server.
There is a new Group Policy setting available if you want to disable this behavior, e.g. because you are already using BranchCache for peer-to-peer sharing. To do this, you need to set the “Download Mode” policy under “Computer Configuration –> Administrative Templates –> Windows Components –> Delivery Optimization” to specify “Bypass” mode, which will result in the client always using BITS to transfer the content from WSUS (with BranchCache jumping in to provide the peer-to-peer capabilities through its integration with BITS):
Of course to set this policy, you need the latest ADMX files, which can be downloaded from https://www.microsoft.com/en-us/download/details.aspx?id=53430 and are also included in Windows 10 1607 and Windows Server 2016. (The “Bypass” setting wasn’t available in previous versions.) See https://support.microsoft.com/en-us/kb/3087759 for details on how to update the Group Policy central store with these latest ADMX files, if you are using a central store.
We’re happy to announce the release of our newest free ebook, Deploying Windows 10: Automating deployment by using System Center Configuration Manager (ISBN 9781509301867), by Andre Della Monica, Russ Rimmerman, Alessandro Cesarini, and Victor Silveira.
Get a head start deploying Windows 10—with tips and best practices from experts in the field. This guide shows you how to deploy Windows 10 in an automated way without impacting end users by leveraging System Center Configuration Manager, which is the most used product to deploy Microsoft operating systems in the industry today.
This security update resolves a security feature bypass in Microsoft Windows. An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker. The bypass can be exploited only if the target system has BitLocker enabled without a PIN or USB key, the computer is domain-joined, and the attacker has physical access to the computer.
This security update is rated Important for all supported editions of Windows. For more information, see the Affected Software section.
The update addresses the bypass by adding an additional authentication check that will run prior to a password change. For more information about the vulnerability, see theVulnerability Information section.
Microsoft has released the Windows 10 Group Policy (.ADMX) templates . These .ADMX templates are released as a separate download package so you can manage group policy for Windows 10 clients more easily.
This new package includes additional (.ADMX) templates which are not included in the RTM version of Windows 10.
Windows 10 build 10240 has been released to the Fast Ring. That’s what I’m running on my laptop now. There were heavy rumors yesterday that this is the to Release To Manufacturing (RTM) build and is the one to be publically available on July 29th. But there is no hard confirmation on this by Microsoft yet Build 10240 now available for Windows Insiders in Fast and Slow rings.
“Over the past few days we’ve been preparing our release pipelines and processes, and this build is one step closer to what customers will start to receive on 7/29 …
On Monday we announced that builds from here on will only be available through Windows Update, so to get this one you can either wait and it will be installed automatically.”
Here’s how you prepare to roll it out in your company.
Windows 10 Professional: W269N-WFGWX-YVC9B-4J6C9-T83GX Windows 10 Professional N: MH37W-N47XK-V7XM9-C7227-GCQG9 Windows 10 Enterprise: N: NPPR9-FWDCX-D2C8J-H872K-2YT43 Windows 10 Enterprise N: DPH2V-TTNVB-4X9Q3-TJR4H-KHJW4 Windows 10 Education: NW6C2-QMPVW-D7KKK-3GKT6-VCFB2 Windows 10 Education N: 2WH4N-8QGBV-H22JP-CT43Q-MDWW Windows 10 Enterprise 2015 LTSB: WNMTR-4C88C-JK8YV-HQ7T2-76DF9 Windows 10 Enterprise 2015 LTSB N: 2F77B-TNFGY-69QQF-B8YKP-D69TJ
Do note this is the key you use when you activate the Windows 10 Client against a KMS server. It is not the KMS license server key. That one you’ll need to obtain from your valid Microsoft licenses.
Microsoft has released a free ebook of “Introducing Windows 10 for IT Professionals, Preview Edition”. You can download the ebook here. Special thanks to Mark Swinkels