> So I'm waiting for "enterprise", which is supposed to allow me prevent
> non-security updates indefinitely. And it is also suppose to allow me to
> establish my own schedules and "rings" for exposing machines to other types
> of updates.
>
> However, my reading on this indicates that this feature is not yet actually
> available, and won't be fully implemented until sometime next year. I don't
> use an update server now, and I don't see the value of using one unless and
> until it can give me complete control over updates.
>
> MS is just as capable of screwing up a "security" update as it is
of messing
> up other updates. They've done it many times. Until I am certain that I can
> prevent ANY update from being installed until I know it is safe, I won't be
> putting Win 10 into production.
Isn't there some Windows Update Service you can put in place so all
the updates are delivered to your organization, but you control when
they actually apply to your machines?
https://technet.microsoft.com/en-us/windowsserver/bb332157.aspx
Yes, I knew about this. Just because MS says it's there and it works
and it's a good idea doesn't mean I'm buying it.
I'm still reading up on this.
I may be forced to drop my SAMBA domain. It would seem there is no
free (as in beer) implementation of Active Directory out there, not
even in the SAMBA 4.x world--or at least none that doesn't require
skills several levels above mine. That being the case, if I have to
pay to play, then I might as well go with a genuine Windows domain
controller, and if I do that, tthen I might as well implement a
Windows Update Server.
I have come across some stuff indicating that there may be some
combination of registry hacks and adjustments to the services list
that could completely block any sort of automatic update on a Win 10
machine, without using such a server.
However, my reading also suggests that if I defer "upgrades"--that
is, non-security changes to the software--for too long, then MS will
stop offering security updates for my machine(s) as well. I don't
think it matters if I use an Update Server or machine-level hacks to do this.
In other words, although Win 10 is the "last" Windows, each iteration
will apparently have its own (and possibly very much foreshortened)
"life cycle", rather like the life cycles of the soon-to-be-departed
Internet Explorer (as of January 12, 2016, I think it is, no versions
of IE older than 11 will get any more security updates, and we are
still required by a major state agency to use a centralized statewide
browser-based work-flow and document management system that only runs
on IE 9 with Silverlight).
There is also the news that the full-on Enterprise version is
actually a cut-down version of the OS, with no Cortana, no Edge, no
built-in email, and probably no a few other things about whose
utility I was at least curious. I think I can steel myself to live
without those lovely innovations, but still...
>I 'm pretty sure the industry is going in the opposite direction, where
> all of the machines become proprietary closed boxes controlled by the
> vendor and updates happened without any control by the end user.
It's one thing for large corporations to tolerate forced "upgrades"
of phones and tablets --convenience interfaces for stuff that isn't
actually running on those devices. It's quite another to expect big
enterprises to accept forced upgrades to the mission-critical systems
that run their core software, or the workstations on which most of
their daily work is done, especially at such an accelerated rate. So
once the implications of this really dawn on corporate IT
departments, this trend may yet be stopped.
> I wanted to get a Win 10 box to experiment with in the meantime,
but I think
> now I'll wait until at least after next "major" update, scheduled for
> October, and then see what the situation is after that.
It's time:
http://blogs.windows.com/windowsexperience/2015/11/12/first-major-update-for-windows-10-available-today/
Well, my understanding is that there's still stuff related to the
Enterprise update-management system that's not coming out until next spring.
My AV vendor just now released a beta version of its server-managed
product for Win 10 and it has serious bugs that probably won't be
ironed out until next year. I'm gonna have to cadge together a
separate testing server to run that on, and test it with some Win 7
boxes, and then later test it with a Win 10 box.
I don't think our accounting or Medicaid billing systems have clients
for Win 10 yet.
It's going to be a long road.
Ken Dibble
www.stic-cil.org
_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message:
http://leafe.com/archives/byMID/profox/E8.B9.08021.49D36665@cdptpa-oedge03
** All postings, unless explicitly stated otherwise, are the opinions of the
author, and do not constitute legal or medical advice. This statement is added
to the messages for those lawyers who are too stupid to see the obvious.
