The converged and hyper-converged infrastructure markets have gotten a lot of lip service lately, especially with respect to supporting VDI deployments.
There are several reasons hyper-converged infrastructure (HCI) could be the right choice for companies looking to deploy virtual desktops. Hyper-converged platforms offer tightly integrated storage, networking and compute that are software-defined and tailored to run virtualization workloads. They also come with a management interface that can help IT administrators deploy, control and troubleshoot virtual desktops. All these advantages make it fast and easy to deploy VDI quickly, and shops can add more components as their deployments grow. And when all the pieces come from the same vendors, companies can rest assured that they’ll work together well, and there’s one throat to choke when something goes wrong.
But for shops that have already deployed VDI, investing in an HCI stack might not be the smartest or most cost effective choice. If there’s an opportunity to repurpose the servers and other hardware that used to support VDI when a business brings in HCI, then it could be worth it. Otherwise, companies could end up with a shiny new stack to support VDI while the old servers collect dust. Additionally, there are some personnel changes—and potential challenges—that admins should prepare for. HCI unites disparate hardware, so companies often find that they need fewer people to manage their new systems.
There are a lot of moving parts to consider and options to weigh. Deciding whether to deploy HCI goes beyond the question of use case. Companies must also consider which vendor to buy from. Get started with the decision making process with our three-part guide to hyper-converged infrastructure for VDI, VDI Hums on Finely Tuned Hyper-Converged Infrastructure.
As I learn more about the built-in Windows command line tool for Deployment Image Servicing and Management, aka DISM, I’m always amazed at its many capabilities. As anybody who’s upgraded Windows installations knows, Windows sometimes fails to produce the right device drivers during that process. As it happens, DISM can help with that. You can use the utility to export all of the current drivers to a folder on another storage device before performing the upgrade, then return to that folder once the upgrade is done to recover drivers that Windows may not have been able to supply on its own. Experts recommend using a USB flash drive for this purpose, but any Windows-compatible storage device will do. When DISM exports drivers it references their OEMnn.inf files as stored in the Windows DriverStore folder though, so you may also want to use a tool like DriverStore Explorer (RAPR.exe) to map those arbitrary names to specific devices and the drivers that go with them.
Syntax Details When DISM Exports Drivers
Here’s the syntax for performing this action:
dism /online /export-driver /destination:R:\DriversW10.1511.218
Let me explain a little more about what’s going on when DISM exports drivers, in list form:
- The /online switch tells DISM to work from the windows image that’s currently running
- The /export-driver switch tells it to grab the contents of the DriverStore folder in Windows. Its complete path is C:\Windows\System32\DriverStore.
- The /destination switch tells DISM where to write the drivers it finds in DriverStore. Note that the R: identifies the drive to which I wrote those files for this example on my PC. You’ll need to change it to target your chosen destination instead. Note further that the folder into which the drivers get written — DriversW10.1511.218 identifies Windows 10, Version 1511, Build 218 — must exist for DISM to do its thing. That means you must create it yourself in advance before running this command.
- Don’t forget to launch DISM from an administrative prompt (“Run as administrator”). Otherwise, it won’t work.
- You might also run RAPR to produce a list of all the OEMnn.inf files in DriverStore, and the devices to which they correspond. Take a screenshot to preserve that mapping for later reference. Stick it in the same destination directory for easy access later on.
I got a screencap of this from my production desktop to illustrate the output from running this command:
Apparently, I’ve got 25 drivers on my production PC that come from a source other than Microsoft.
Quick inspection of that output shows why I like to grab and save a RAPR listing of the same stuff (it tells you where to go looking for stuff in Device Manager to figure out which drivers to grab following an upgrade):
The Oemnn.inf names make more sense when you can map them to Driver Provider and Class information.
With the free upgrade deadline for Windows 10 approaching on July 29, more businesses are thinking about migrating to that desktop OS version. But the vast majority of commercial concerns — particularly those with thousands of users and OS licenses — already obtain Windows from Software Assurance or Volume Licensing contracts. They aren’t under the same time pressure to take advantage of “free” upgrades because they pay over the life of their contracts anyway. For such organizations, the real concern is to make sure that key applications and services work properly in Windows 10. They don’t want production desktops and environments to be adversely affected by its rollout and deployment. That’s why initial testing and experimentation in the form of a Windows 10 pilot program can play an important role.
Now’s a Good Time for a Windows 10 Pilot Program
Moving from an old runtime regime to a new one is a demanding task. It takes considerable time and effort, and inevitably ends up costing money. But even for organizations that jumped onto Windows 8 (and market research says there were precious few of them), Window 10 will probably be a necessary migration. That’s because Windows 10 introduces a new model for upgrades and updates, which will keep coming at regular, fairly closely-spaced intervals from now on. That’s in stark contrast to a new major version once every two or three years since Windows NT made the scene in the mid-1990s, now over 20 years ago (Windows NT 4.0 appeared in 1996). Many commercial concerns and large organizations adopted an informal “every-other-release” migration plan in the past because of the time, effort, and expense involved. But it seems that Windows 10 is a matter of “when,” not “if,” for most outfits simply because it’s slated to stick around for a long, long time.
That makes 2016 a great year for organizations that haven’t already started piloting Windows 10 in-house to get going. Organizations can track behind the leading edge of Windows 10, which is simply called the “Current Branch” and represents the most current release of Windows 10 (Version 1511) plus the most current cumulative update and all subsequent interim updates (Build 10586.218 as I write this post). The first milestone after that is called the Current Branch for Business (CBB) which is also based on Version 1511, but which currently rests at Build 10240 at the moment. It’s designed to support staged deployments of new features to match scheduled rollouts typical in most production commercial environment. It tracks about 90-180 days behind the Current Branch, to give organizations time to test and vet upcoming updates, and to plan workarounds for updates that won’t work if put into production. The last stage in the branch structure is the Long Term Servicing Branch, which tracks one year or longer behind the Current Branch, and receives no new features but gets security and other updates necessary for proper operation. It’s aimed at factory floor machinery, POS systems, automated teller machines (ATMs), and other tightly-managed and locked-down systems.
The real bleeding edge is the Insider Preview Branch, which tracks new features as they appear (and which may never go into production).
[Source: TechNet: Windows 10 servicing options]
Despite the appeal of hanging back as far as the Long-Term Servicing Branch, most businesses will be served best by focusing on the Current Branch for Business. Power users and those working on Windows 10 evaluations going forward should stick to the Current Branch for a more forward-looking take on upcoming Windows 10 stuff. But only non-production machines should ever play host to Insider Preview releases.
At the same time, the Windows 10 pilot program can also try out new PCs. This might include some of the latest hybrid 2-in-1 devices (tablet + keyboard such as the Surface Pro 4 or Surface Book) or latest generation laptops (such as the Dell Latitude 13 7000 series). Ditto for desktops (something with a 1151 socket, a Skylake CPU, and an NVMe SSD). This is also a great opportunity to dig into Microsoft’s Azure Active Directory, which provides seamless integration for Office 365 via Azure AD accounts. Interested admins will find lots of cool new features and functions to play with.
The Perpetual Windows 10 Pilot Gets Underway
The most important aspects of any pilot program are to assess the impact of migration on key line-of-business applications and services, and to determine what must change (and what can be maintained) while keeping workers productively and constructively engaged. This also means testing deployment tools, provisioning and rollout tools and methods, and getting everything ready to take into the field. It will actually turn into an ongoing process that happens continuously going forward, because working with Windows 10 means keeping a forward-looking pilot project constantly engaged to track upcoming changes and releases from the Current Branch (or Insider Preview) that will ultimately propagate into the Current Branch for Business.
At the outset of 2015, Microsoft announced it would offer a free upgrade to Windows 10 for devices running Windows 7 and 8.1. (Here’s a Terry Myerson blog post devoted to that topic, dated 1/21/2015.) That update was always planned to last one year from the release date for the new desktop OS. And sure enough, MS has now stated that the free Win10 upgrade ends on July 29, 2016, exactly one year to the day from that initial release date. MS Corporate VP Yusuf Mehdi stated this clearly in his May 5 post to the Windows Experience blog entitled “Windows 10 Now on 300 Million Active Devices — Free Upgrade Offer to End Soon.”
Here’s the relevant language, which appears at the tail end of the afore-cited blog post:
…today, we want to remind you that if you haven’t taken advantage of the free upgrade offer, now is the time. The free upgrade offer to Windows 10 was a first for Microsoft, helping people upgrade faster than ever before. And time is running out. The free upgrade offer will end on July 29 and we want to make sure you don’t miss out. After July 29th, you’ll be able to continue to get Windows 10 on a new device, or purchase a full version of Windows 10 Home for $119.
The actual MSRP for Home is $119.99. For those interested in Windows 10 Pro instead, the “full version” MSRP is $200 in the USA. You can also find OEM versions of that license (good for installation on a single computer, but not transportable from one computer to another like the full version) for $140 or thereabouts. But according to Microsoft, that’s what it will take to jump on the Windows 10 bandwagon after the 7/29 deadline comes and goes.
Here’s the word, straight from MS Corporate VP Yusuf Mehdi.
How to beat the “free Win10 upgrade ends” restriction, if you must
Users running Windows 7 or 8.1 who don’t wish to migrate to Windows 10 before the expiration date hits can trade some time and effort against the future expense of buying a license thereafter. How’s that? Simply by upgrading, making a snapshot, then rolling back to the pre-upgrade machine state. In somewhat more detail, here’s a 10,000-foot overview of that process:
- Start by making an image backup of your current running Windows 7 or 8.1 environment
- Perform the upgrade install from that current environment to Windows 10
- Apply all pending updates to that Windows 10 install, then make another image backup of the new Win10 environment
- Restore the original image backup of your current running Windows 7 or 8.1 environment
You’ll be back where you started, but you’ll be out the time and effort required to make those backups and perform the upgrade. After July 29 comes and goes, you’ll be able to restore the image of the Windows 10 environment you created to exercise your free upgrade offer before the expiration date passed. You’ll also be out the storage space necessary to keep that upgrade image in suspense until you’re ready to wake it back up. If my experience is any guide, this will take 3-4 hours of your time, and somewhere between 20-25 GB of disk space on the low end, and probably no more than 100GB of disk space on the high end (YMMV, though, depending on how much stuff you allow Windows to keep in the Photos, Pictures, and Documents folders in the Windows Library environment). If you need more time, don’t let the free Win10 upgrade ends deadline catch you either napping or unaware!
I was amused to read Mary Jo Foley’s latest report at ZDNet this morning. She relays that Microsoft has dropped the ability for Windows admins to keep blocking Store access in Windows 10 Pro. Their reasoning is apparently two-pronged:
- According to Microsoft, Store access is “required for all versions of Windows 10 except Enterprise and Education ‘by design'”
- Those organizations that really want clamp-down capability on Windows 10 desktops should buy licenses for Enterprise, not Pro
Though KB3135667 looks like troubleshooting advice, it’s really a policy statement (not Group Policy, either).
Why Blocking Store Access for Win10Pro Is Valid No Mo’
The official change is covered in KB Article 3135667. It is entitled “Can’t disable Windows Store in Windows 10 Pro through Group Policy.” In asking MS to confirm this change, MJ Foley asked why blocking Store access in Windows 10 Pro is no longer supported. IMO, that response is a masterwork of doublespeak:
Microsoft is focused on helping enterprises manage their environment while giving people choice in the apps and devices they use to be productive across work and life. Windows 10 Enterprise is our offering that provides IT pros with the most granular control over company devices. Windows 10 Pro offers a subset of those capabilities and is recommended for small and mid-size businesses looking for some management controls, but not the full suite necessary for IT pros at larger enterprises. The ability to block access to the Windows Store is typically for organizations who want more control over corporate-owned devices. This fits into the value of Windows 10 Enterprise.
My translation: to maintain complete control over your Windows deployments, don’t buy the retail-oriented Windows 10 Pro. Instead, you must sign up for a volume license agreement, and jump on the Windows 10 Enterprise bus. Any questions? MJ Foley’s summation of the forces driving this change is also a gem: “Driving visibility and use of Windows Store has been one of Microsoft’s goals with Windows 10.” Given that OS revenues are dropping, and that commissions on Windows Store sales are turning into a cash cow, I guess this makes sense — at least, to Microsoft. I’m wondering if business customers who’ve shied away from volume licensing until now feel the same. Having myself recently been inducted into the Microsoft Volume Licensing Service Center, I think the answer is “probably not!”
[Thanks to Shawn Brink over at the News Forum at TenForums.com for bringing this matter to my attention. Keep up the good work!]
There’s an interesting problem facing those running Windows 10 on limited storage capacity tablets and similar devices. Given typical eMMC or flash “drives” of 32 GB or less, best practice can dictate that such limited storage be augmented with SDXC cards readily available in sizes from 32 to 256GB. This may also involve relocating all kinds of storage from the primary storage device to that SD card, including user files of all kinds (documents, downloads, and so forth) as well as application and app files of all kinds. Recent reports from the field indicate that some people who’ve moved Windows 10 apps from the Store to SD devices can’t apply updates from the Store to keep them current. If you or your users find that SD-based apps won’t update, there’s a simple but potentially vexing fix you can apply.
Windows 10 is very accommodating about changing locations for all kinds of data, but says nothing about apps needing NTFS formatting to update.
If SD-based apps won’t update on your system, a fix is possible…
The problem apparently stems from conflicting defaults. App Store updates expect to reside on NTFS formatted storage devices, but SD cards are typically formatted using some form of FAT (usually exFAT for larger devices) formatting instead. It seems that Windows 10 won’t propagate app updates into non-NTFS storage devices. Thus, the fix is to reformat the SD device from its current format to NTFS. The downside, of course, is that all relocated apps will then have to be reinstalled onto the newly-reformatted SD card. This takes time and effort, as documented in these CNET and How-to-Geek articles.
On the other hand, it seems that it might work to copy the contents of the SD card to some temporary location, reformat it to NTFS, then restore those contents onto the newly-formatted drive. I’m going to try this on my Surface Pro 3, as soon as I have enough time to set all this up and try it out. I’ll report back later after I’ve attempted to make this work. My hope is that this will also fix the “SD-based apps won’t update” problem. Stay tuned!
[Thanks to Sergey Tkachenko at Winaero.com, whose recent Fix story provided the impetus and information for this blog post.]
The path to Windows 10 has been full of sunny skies for many companies right out of the gates. The operating system already stakes its claim to second place in the market based on desktop share by version. But what about the organizations that are happy with their earlier versions of Windows?
An OS upgrade just isn’t in the forecast for some companies whether Microsoft likes it or not. And it seems Microsoft does not like that. As a result, some Windows 10 storm clouds have rolled over a few organizations still using their non-Windows 10 umbrellas.
First of all, the OS automatically downloads itself on to some users’ computers when they perform a routine Windows update. Other times, a Windows Update will “recommend” that the user make the move to the new OS. That suggestion does not care who you are or what you are doing, just ask this poor weather woman:
Microsoft has even hidden Windows 10 advertisements in its security updates for Internet Explorer on Windows 7 and 8.1. Not only does the security patch include a Windows 10 ad generator that stamps a Windows 10 upgrade ad at the top of every new tab a user opens, but it also automatically installs a how-to guide on upgrading to Windows 10.
Just like an unwanted snow storm, Windows 10 inserts itself into users’ lives so it is important to keep that in mind as companies consider making the move to the new OS.
Certain advanced security features on Windows 10 work only on machines new enough to boot via the Unified Extensible Firmware Interface (UEFI). These include Secure Boot, Credential Guard, Device Guard, and the Early Launch Anti-malware driver. The wrong installation media or incorrect installation technique produces Windows 10 machines that boot from Legacy BIOS, not UEFI. This applies most often to BYOD laptop and notebook PCs where admins probably didn’t install the OS. What’s the quickest way to confirm or deny UEFI boot-up on Windows 10?
Above and beyond security features, UEFI also supports bigger disks, signed book loaders, plus faster bootup/shutdown/sleep/resume timing.
The Quick Way to Confirm/Deny UEFI Boot-up on Win10 PCs
Run the built-in Windows System Information utility (msinfo32.exe) to find the information you seek on the “BIOS Mode” line. If it reports BIOS, the machine runs Legacy BIOS. If it reports UEFI, the machine runs UEFI for boot-up. If BIOS shows up here, and you want to or security policy requires you to switch to a UEFI boot, a two-step process is needed. Warning: neither of those steps is terribly easy nor is it likely to be quick:
- You must check to see if the target device supports UEFI. The best way to do that is to find the maker’s product page and check for direct confirmation of UEFI support. If it’s absent, the device may not be able to support UEFI. Be sure to check third-party sites such as notebookreview.com, TenForums.com, and so forth to determine if the machine is UEFI-equipped or not.
- If you want a Windows 10 machine to boot from UEFI, there’s no way to switch from Legacy BIOS to UEFI except by a clean re-install of the OS (that’s because the low-level disk format has to be replaced, which usually involves a switch from MBR to GPT formatting and a complete disk wipe along that way). This means that capturing all settings, preferences, and data is a must, and that all applications will need to be reinstalled and reconfigured (and settings, preferences and data restored) following the re-installation of the OS.
Thanks to Shawn Brink at TenForums.com for putting an excellent tutorial together to explain how to determine UEFI boot-up presence or absence on Windows 10 PCs. This same information applies to (and was originally developed) for Windows 8 versions, BTW. One more thing: as Brink observes in that tutorial, the other conclusive method to determine the presence or absence of UEFI boot on a Windows 10 (or 8) PC is to open the Disk Management (diskmgmt.msc) utility. Then, look for the presence or absence something labeled “EFI System Partition” on the system’s Boot drive. If you see such an animal, the target machine can boot from UEFI.
For a long time now, I’ve relied on NetMarketShare.com to provide some sense of the make-up of web traffic, especially as it pertains to desktop OSes. The US Government operates its analytics.usa.gov site, which provides a more general view of who’s logging into their servers. Here’s a partial screencap that breaks out OSes from the 2.14 billion visits to those servers over the past 90 days that shows an interesting view of OS use on web:
A good view that includes all OSes shows how the desktop stacks up against mobile access.
[Source: analytics.usa.gov on 4/27/2016: Visits in the Past 90 Days]
What analytics.usa.gov says about OS use on Web
There are a lot of things I like about this kind of view, including:
- The combination of both mobile and desktop OSes gives a more balanced view for OS use on web over the monitoring period. This helps put the total user base into perspective. Frankly, I’m surprised that desktop OSes still account for a majority of the traffic (at least 60.7%) over mobile ones (at least 37.1%). Overall it breaks roughly down to 3 desktop users for every pair of mobile users. Common sense urges me to add that this could be because the US government’s websites aren’t as mobile friendly as the overall website population.
- It’s interesting to observe that the ratio of Windows 7 to Windows 10 is almost exactly 3:1 (32%:11% to be precise, or 2.91:1). It’s even more interesting to see that the combined Windows 8 versions come to 6.4%, and that XP (1.6%) and Vista (1.1%) show up as just about on par with one another. This is a more nuanced view that NetMarketShare offers. This data also suggests that Windows 10 is taking more marketshare from other Windows versions, including Windows 7, than other sources currently suggest. NetMarketShare, for example, shows that for March, the ratio of Windows 7 to Windows 10 users was more like 3.67:1 (51.89%:14.15% to be more precise).
- It’s also fascinating that iOS users overtop Android users (19.4%:17.7%) in this view. Given the relative size of the smartphone populations running those mobile OSes, I’d have expected Android to outnumber iOS by a pretty significant margin. However, a quick online search teaches me that my intuition is worthless in this case: in the USA, iOS has been outselling Android since the release of the iPhone 6 in March, 2015, and enjoys a slight lead over Android. That’s just what analytics.usa.gov shows, and what gives me some faith that its numbers reasonably reflect the current reality on the ground.
Going forward, I plan to drop in on this site more often, and to use it as a foil for other sources of desktop share data to round out my sense of OS use on web. What I see there is already interesting. What will be even more interesting is to watch the steady march of Windows 10 as it starts to dig more deeply into Windows 7’s current dominance.
The latest 14328 build for the Windows 10 Insider Preview went to Fast Ring users last week. This so-called “Anniversary Update” should go public in July, about one year after Windows 10’s initial release. This build includes LOTs of changes and enhancements (see this April 22 Windows Experience Blog post for details.) Among those changes is a new setting that adds driver update controls over Windows Update.
Here’s a snapshot of that new Windows Update policy object:
The “Do not include drivers …” policy item is highlighted.
[Click the image to see a full-size view.]
If you double-click that item, the UI provides a radio button to enable this policy. The item resides in:
Computer Configuration >
Administrative Templates >
Windows Components >
Once the policy is enabled, Windows Update no longer delivers drivers. The screencap shows Local Group Policy Editor at work. Presumably, the same control will also be available at the domain level. That’s where it makes sense to apply such policy in larger environments, rather than per-machine. Either way, adding driver update controls to Windows Update is a welcome addition.
Who Wants Driver Update Controls for Windows Update?
IT organizations that administer large numbers of Windows clients already know that device drivers can be trouble in production environments. That’s because propagation of the wrong driver can cripple or bring down large numbers of clients. I applaud the development team at Microsoft for adding this control to the Group Policy Editor.
If Microsoft wants to make some private version of Windows Update palatable to large-scale corporate or organizational users, such a policy is a must. It will also be welcome to administrators grappling with BYOD Windows devices. Too bad this is a Windows 10 only thing. Worse, we have to wait until late in 2016 or early 2017 before driver update controls pop up in Current Branch for Business. “Better late than never” is the only possible rejoinder to that observation.
[Note: thanks to Sergey Tkachenko at Winaero.com for making me aware of this particular change. His article “How to turn off driver updates in Windows Update in Windows 10” led me to write this blog post. Spaciba, Sergey!]