1. Introduction to the Microsoft Windows 10 Update Model
First off, understand this. Microsoft has an acronym they use; it’s called WAAS, which is Windows as a Service. And they call this their servicing model. Windows as a service means that Microsoft gives you Windows 10. Well, they don’t give it to you. It’s part of the deal. You purchase it, you have Windows 10, and then Microsoft promises to try to keep that Windows 10 serviced and keep it updated. But the terminology has changed a little bit over the years. We used to have service packs and all that stuff. Now Microsoft uses a term called “feature updates.” Now a feature update One thing you want to remember about it is that this is going to be a big update for Windows 10. This is going to be like a new build of Windows 10.
Okay? You’ll notice that these feature updates come out a couple of times a year, two to three times on average it’s been two times a year. There’s usually one that comes out during the springtime, so it’ll be around the March-April time frame. And then you’ll get one that comes out around the fall time frame. So it’ll be somewhere around July, August, or September, or something like that. And these will be big feature updates that contain tones of new features in Windows 10. And they’ll assign a version number to it, which will be a two-digit year followed by a two-digit month. For example, suppose you have Windows Ten’s 19th Anniversary Edition. That month is March of 2019. Basically. Feature update. The good news is that if you deploy a feature update and later decide you don’t want it, you can uninstall it. We’ll talk more about that a little later. But another type of update we have is a quality update. Quality updates are the little updates that we get that come out essentially throughout the month, and they get released on Patch Tuesday. These will be hot, high-quality features that may need to be fine-tuned or may have bugs or problems.
And again, that will happen on Patch Tuesday. Patch Tuesday is the second Tuesday of each month. So this is the traditional thing we’re probably all used to; we’ve had Patch Tuesday for a very long time. But again, the feature updates are the big ones, and they’re going to come out a couple of times a they’re now on top of that, something else we’ve gotis we got these things called update channels. Now in my next video, I’m going to demonstrate looking at these, but for now, I want to explain them. So there are three main channels that we’ve got, OK, that Windows 10 is going to be subscribed to. The Windows Insider programmer is the first channel to which you can subscribe to receive updates from Microsoft. You have to sign up for that. You have to go into the Settings app in Windows 10 and actually turn that on. It’s not turned on by default, and they kind of try to hide it from you a little bit. But you’re going to receive updates on these feature updates months before they go public. This is great for us. It’s people who want to test updates on lab computers and maybe pilot this before they go out to our actual production environment. The next one you’ve got is the semiannual channel. This gentleman, semiannual channel. This is going to be the default one that Windows is subscribed to. There are actually two versions of that.
You have a semiannual channel. You have a semi-annual channel in mind. and the semiannual channel makes it to where the updates will go live. And then your computers might get the updates maybe three to four months after they come out. These feature updates can be deferred. Or if you link to what’s called the “semiannual channel,” When you target the updates, your computer will receive them almost immediately after they become available to the public. Okay? Okay. And then the last one is called LTSC. long-term servicing of the channel This used to be called the Long-Term Servicing Branch (LTSB.But maybe a couple of years ago, they changed the name to LTSC. So make sure you understand that, because if you’re reading some documentation online, you might see the old name for it. The new name is LTSC. Okay, so what this is going to do is actually, in addition to installing I actually mentioned it in one of my previous lectures, but you have to actually have the Windows 10 LTSC version and have installed it on the computer. This is not something you just turn on. This allows you to push updates off for a maximum of ten years. Okay, so this is great in a situation where maybe you’ve got some kind of critical workstation that you’re afraid, when Microsoft releases a feature update, it’s going to break something.
This is perfect for that environment. Imagine this. Assume it’s a hospital, okay? Imagine a hospital. You’ve got a Windows 10 computer that’s dealing with a critical medical device. Who knows—maybe this device keeps somebody alive. Okay? The last thing in the world you want is for Microsoft to release a feature update that ends up breaking that machine and causing that medical device not to work, right? So this is that sort of thing. The Long Term Servicing Channel allows you to defer updates for up to ten years if you want these feature updates. So that’s critical. So again, as a Windows Insider, you get the updates before they come out. The semiannual channel lets you get the updates when they come out. And then the long-term servicing channel lets you defer for a very long time. Okay? Now, on top of channels, we also have what are called rings. And when you subscribe to your update channels, you are also subscribing to something called an update ring. And there are four of them.
You have Preview, which is linked to the Windows Insider channel you’ve chosen, which is linked to the semiannual channel you’ve chosen, which means you’ll get updates and feature updates as soon as they’re available. You have Broad, which is meant to be for the broad majority of your computers. That’s going to be a regular semiannual channel, and that’s going to make it so that updates will come out between three and four months after they go live to the public. Finally, a critical machine, which is considered a critical machine, and a long-term servicing channel.
So that’s what your update rings are. You subscribe to the channels, and from there, you’re linked to a ring. Okay. Now on top of that, we have tothink about how do we actually get updates. So if you have Windows 10 Home, there’s really only one option, and that is Windows Update. That’s the Windows Update service in the Settings app. I’ll show you that here. Coming up. And there’s no real way to control or test updates. They’ll be thrown down on the person’s machine whether they like it or not. You can now use Windows Update for business. The good news is, with Windows Update for Business, I can use Group Policy objects to control who’s going to get those. Unfortunately, I can’t test the updates prior to their release with just plain old Windows Update for business. The third option is called WSUS. Now. This is Windows Server Update Services. We’ve had WSUS now for, I think, 15 years or something like that. It came out in the early 2000s.
And this is a server that you can install on a Windows server. This is a service you can install on a Windows service server for free. If you have a licenced copy of Windows Server, you can install WSUS, which is a server that will go out, grab updates from Microsoft, allow you to deploy those updates to a test computer or computers, and then you can approve those updates to go to your production. So you’re going to have a lot of control if you implement W. Sus Okay, so WS is really powerful. I’ll talk more about that when it comes up. How do you install it, and how do you point your clients to it as well? Okay. You’ve also got tuning. We don’t really talk too much about Intune in this course. That’s more than the MV 101 thing. But Microsoft Intune is a cloud technology. It’s Microsoft’s MDM solution, and it allows you to link your Windows 10 computers to the Microsoft cloud environment. And through their web portal, you can control what updates get deployed to your machines that way. So you have quite a bit of control with that. The last method is called SCCM (System Center Configuration Manager). This is probably going to give you the most control over updates in an on-premises ontrol with that.But one thing I want to point out is that Sccm is not a standalone method for giving updates to machines. It actually uses WS. So you actually have to have WSU and Sccm, and Sccm is going to give you more control over WSUS.
And the reason is because if you have a lot of WSU servers, like, let’s say you have ten branch offices and you have a WSU server in every branch office giving updates, SCCM can centrally control all of those WSU servers. Another thing that SCCM can do is provide you with some very advanced reports that you don’t get with WSU. As a result, there are various advantages to doing so. There’s one other little thing I want to tell you about here. Another little feature that Windows 10 has that our older operating systems do not have is something called delivery optimization. You do need to know what that is. If you take an exam, delivery optimization is a peer-to-peer option that will allow Windows 10 computers to share updates with other computers. So as a Windows 10 computer gets an update, it can actually make that update available to a neighbor, and that neighbour can make an update available to another neighbor, and it can kind of go around in a circle. Okay? It’s kind of like a peer-to-peer torrenting style thing.
There used to be something called “branch caching” that you can still use, but it supports older computers. This is actually better, though, if you’re using Windows 10. Okay? Now I’ll also say this. You can also use delivery optimization and allow it to hook into the Internet, so you can share updates with people on the Internet and they can share updates with you. And the benefit is that you’re going to get your updates downloaded a lot faster if you do that.
The downside is that it’s going to use more bandwidth. You could also argue that there are some security concerns there, but keep in mind that it isn’t actually opening up any incoming ports. It’s all just doing what is known as “dynamic ports.” So it’s not a huge security risk, but allowing the Internet to sync up dates with you will definitely consume more bandwidth. I’m going to be showing you where that is in Windows 10 in this next little segment, okay? But hopefully that gives you a good overview of the different features, the different update rings, and all that good stuff. And in this next segment, we’re going to look at how you would actually configure some of that.
2. Configuring the Windows 10 Update Settings
The settings app And then from there, we’ll take a look at updates and security. So we’ll click there. Okay. You’ll have different options here depending on the build of Windows 10 you have. This build is a 19-three build. So as you can see, I just recently checked for updates, and my computer is actually going through the process of trying to install some updates. So it’s going to deactivate a few things. For example, normally I could pause updates, but it won’t let me pause right now because I’ve paused recently, and so it won’t let me pause for up to seven days.
Okay, but in any case, you can see the updates that it wants to pull here, as well as some of the different options that I have. Now, one thing I want to show you immediately that you’re going to want to know for the exam is this thing called active hours. So if you look right here, I’ve got this thing called “Active Hours” that I can click on, and from there, I can change my active hours if I want the active hours. An important thing to know about that is that active hours are not the time period during which you want updates to be active. Active hours are the times when you are physically present. Okay? So if I click this, I’m going to be setting the hours that I’m normally doing business on my computer. So if you normally work on this computer from 9:00 a.m. to 5:00 p.m., then you’re great. You’re good. You can just leave it the way you want. If you actually work in the evening and not during the day, you would want to adjust the settings for the evening time. So, if I wanted to change this, let’s say my active hours start at 7:00 a.m.; simply change it to seven, and I’ll go to 6:00 p.m. Maybe those are the time periods that I generally work. You can set this window to a maximum of 18 hours, as you can see. But again, active hours are the hours that I’m working, not the hours that the updates are actually going through.
So I’m going to click save. And, of course, now it’s going to try to do updates later today as opposed to trying to do those right now. Okay, so going back over here to Update, Update, and Security, I want to look at some of these other settings that I can configure here. All right, so I’ll scroll down here. I can look at the update history if I want and see the different things that are going on in regards to that. Another thing I want to show you is this thing right here called Advanced Options. I’m going to go there and I’m going to tell you that because my computer is actually going through the process of getting a feature update right now, I’m missing a couple of things. I don’t have the ability to choose my channel right here. Also, I can’t pause updates. You know that already. Another thing is that there are going to be two dropdowns that you’re normally going to see here when your computer is not going through updates. One is going to be a deferral period for feature updates that will let me defer feature updates for up to a year. So I can defer feature updates for up to a year. I can select a small option here that says defer updates for up to a year.
Okay. Another option is that I can defer quality updates for up to 30 days, so you can defer feature updates for up to a year. You can defer quality updates for up to 30 days, and you can pause updates for up to 35 days by default. So you can adjust those settings if you want. Keep in mind that in order to do a lot of that, you must be an administrator. But once you enable them, if I set the deferred period up to a year, then a person can do that for up to a year.
If you give them that control, they can by default set both of these values to zero, which means people cannot defer updates. They can pause, but they cannot defer. This is where these settings will be. Again, my computer right now is going through an update, so you won’t see it. However, if you open it on your own computer, you will most likely see that you can remove that. Okay. Now the other thing is that I want to show you delivery optimization. You can get to delivery optimization by going there, or if you are back on the Settings app main homepage here, you can get there by clicking Delivery, going to Update and Security, and then clicking the Delivery options directly. See how it appears as a button right here for me to click?
Okay. Currently, delivery optimization is turned on. If you remember what I told you, delivery optimization is going to be something that allows peer-to-peer sharing of updates. So right now that it’s turned on, my computer will share updates with other computers. Right now, it’s just my local network. But if I do not want to share updates, maybe I want to share updates with the internet. I could choose the second option here. Or if I want to turn this off, I can simply switch it off. Okay. And here is my server. I’m going to go to Manage to add roles and features. Next.Next. Next. And here are the various roles that my server can play. and you’ll see WSUS is right here. So I could turn that on, select that, add the features, and then I could install this on the server. At that point, I could go out, I could download updates using WSUS, and I could approve those updates to be deployed down to my clients.
Now I’m going to tell you that I’m not going to be demonstrating the WSU stuff right now. That’s more of a server thing, but that’s the gist of it. I’ll also tell you this, though. Client computers don’t just magically know if you’ve installed a WSU server. You actually have to tell your clients that they need to get updates from WSU. And I want you to look at how to do that. That’s something they want you to be aware of for the test, which is that you can assign your client computers to get updates from WS. and the way you’re going to do that is through a GPO. We’ve learned about GPOs in the past. We’re going to go to tools for group policy management. And then I’m going to create myself a GPO. So I’m just going to zoom in here and right-click. I’m going to say “new GPO.” I’m going to call it WSUS, and then I need to edit that GPO.
So we’re just going to edit the GPO. And the policy that you’re going to want is going to be located under Computer Configuration Policies, administrative templates, and Windows components. Move this over a little bit, and you’ll see that if you scroll down, you’ll see Windows Update. Now one thing I want you to be aware of is that there are two policies that have to be turned on in order to implement WS,
okay? so that your client computers will know to get updates from WSU. I’m going to zoom in, and here are the two policies that have to be turned on. The first one is called “configure.” Policy on automatic updates The second is the Microsoft Update specific intranet. This policy is going to force automatic updates on people’s machines, which are already turned on by default. It will, however, allow you to set a schedule for when you want the updates to be installed on People’s Machine. The second policy specifies the intranet Microsoft update service location.
This is going to let me pinpoint what my WSU server’s name is. So I’m going to do this first one here. I’m going to double-click on it, and we’ll go right here. We’ll enable it. We’re going to choose this option here that says “auto download” and schedule the install. And we’ll schedule the instals for Wednesdays at midnight. So, if you look closely, you’ll notice that you’ll have auto download and install scheduled every Wednesday at midnight. Okay? So we’re going to go ahead and turn that on. Okay, that’s now enabled, but we still have to actually apply this where the client knows who the WS server is. So we’re going to double-click here on this update. We’re going to enable it, and we’re going to specify who our WS server is. So the way that you do that is you put, if you’re doing this without encryption, HTTP and the port number. If you’re doing HTTP, which requires a certificate that allows you to do encryption, You would then do 85, 31.
So I’m going to put that in, and then for the statistics, you’re just going to do the same thing, the same exact thing. That’s going to be the server that gathers statistics for you. When it comes to your WS server, usually people just point to the same server for that. Although if you had a hierarchy of WS servers, like a parent WS server and a bunch of child WSUS servers, the parent could collect statistics for all of them. At that point, I’m going to click okay, and I’ve now enabled the two required policies for telling clients about WSU. So then I would close this and link it to whoever I wanted this to go to. If I want this to go to my computers in New York, I’m going to drag and drop it over to New York.Click OK. And this GPO is now assigned to New York. And then the only thing I would need to do there is wait for my clients to refresh. Or if I wanted to jump back over to my client, I could run Gpupdatesforce. Okay, so even though we’re not really looking at how to use the WS class because it’s not a server class, we at least can see here how you can tell your Windows Ten clients how to get updates from WS, okay? who they get their updates from. Hopefully, this has given you a better understanding of the updates in Windows 10 and how to configure it all.
