What’s new in Windows 10 Fall Creators Update, Redstone 3, 1709, 16299, etc

Hello all,

In the past month I have done 3 separate talks about the new release of Windows 10 FCU (1709).  The link below is the slides from the last talk:

CTSMUG201710 – Fall Creators Update 1709

The 5 links below are the most useful but I call out a lot of good data below.

Best

Advertisements

Windows Insider for Business (WIPfB) now with GPO control. Time to get a true pilot group in your enterprise

https://insider.windows.com/en-us/for-business-organization-admin/?utm_source=other&utm_medium=email&utm_campaign=201710-AdminAnnounce&utm_content=WIP_Body_OrgAdmin

 

You can now opt in people via GPO.

You can turn on Telemetry, Enable WIP, Select which build the machine gets.

You can view others submitted feedback from your company.  HOWEVER, you cannot edit or modify your companies submissions, yet.
I still say do a query of your enterprise to see who is already opted in.  Those who opted in over the past few years are your canary in a coal mine.

 

WAAS: Naming Structure Not-So-Secret Decoder Ring

In the past year we have had a lot of Nomenclature Changes for Windows As A Service (WAAS).  The following slide from Ignite 2017 really clears it up.  Just like designer MUD in a SPA.

WAAS Naming Alignment 01

How often Office and Windows updated?

WAAS Naming Alignment 02

What versions of Microsoft System Center Configuration Manager (ConfigMgr / SCCM) supports 1709 next week.

WAAS Naming Alignment 03

Windows 10 Fall Creators Update, 1709, Microsoft Windows [Version 10.0.16299.15], Redstone 3, RS3 release is Oct 17th 2017.  I know a lot of names for the same piece of software.

I am excited for next week.

Slide Source: https://view.officeapps.live.com/op/embed.aspx?src=https%3A%2F%2F8gportalvhdsf9v440s15hrt.blob.core.windows.net%2Fignite2017%2Fsession-presentations%2FBRK3075.PPTX

Travel without a Real ID in 2018 will be challenging for 10 states

REAL ID Federal Enforcement Act passed by Congress in 2005 “set standards for issuance of sources of identification, such as driver’s licenses”.  This is going to be enforced in early 2018.  I am sure these 10 states will do something.. just no idea what yet?

Source: Home Land Security – https://www.dhs.gov/federal-enforcement

tsa20generic

January 22, 2018

All non-compliant states/territories will be subject to REAL ID enformcement at TSA checkpoints

I have started to see posters pop up in airports.  Basically you are going to have a bad day (I’m sure something will be done) if you try to use a drivers license from these states

tsa20states

  • Kentucky
  • Maine
  • Minnesota
  • Missouri
  • Pennsylvania
  • Montana
  • Oklahoma
  • South Carolina
  • Washington

REAL ID compliant Alternative IDs

This assumes your states haven’t gotten with it

  • Driver’s licenses or other state photo identity cards issued by Department of Motor Vehicles (or equivalent)
  • U.S. passport
  • U.S. passport card
  • DHS trusted traveler cards (Global Entry, NEXUS, SENTRI, FAST)
  • U.S. military ID (active duty or retired military and their dependents, and DoD civilians)
  • Permanent resident card
  • Border crossing card
  • DHS-designated enhanced driver’s license
  • Airline or airport-issued ID (if issued under a TSA-approved security plan)
  • Federally recognized, tribal-issued photo ID
  • HSPD-12 PIV card
  • Foreign government-issued passport
  • Canadian provincial driver’s license or Indian and Northern Affairs Canada card
  • Transportation worker identification credential
  • U.S. Citizenship and Immigration Services Employment Authorization Card (I-766)
  • U.S. Merchant Mariner Credential

Source: https://www.tsa.gov/travel/security-screening/identification

Windows 10 Fall Creators Update (1709) Deprecated Features – PowerShell 2.0 is EOL among others

Fall Created Update (2017 RS3 1709) will be removing some more security holes.  I wonder if some of these are in response to the SMB1 fiasco (WannaCry for example).

  • TLS RC4 ciphers.
  • The SCCM Windows Hello deployed feature which has been replaced with the Registration Authority of Active Directory Federation Services
  • SysKey.exe gone in favor of Bitlocker
  • Enhanced Mitigation Experience Toolkit (EMET) is being removed for Windows Defined Exploit Guard (WDEG) feature
  • PowerShell 2.0 is very security holey – Twitter Tears Shed – Jeffery Snover
    • For example you can invoke PoSH 2.0 if it is installed.  Since it lacks logging you will have no idea what happened.  Most companies I work with just remove it from 1703.

Posted July 20th 2017 a list of features that are being depreciated or Removed from 1709.

Deprecated

Windows PowerShell 2.0

Applications and components should be migrated to PowerShell 5.0+.

Microsoft Paint

Will be available through the Windows Store. Functionality integrated into Paint 3D.

RSA/AES Encryption for IIS

We recommend that users use CNG encryption provider.

System Image Backup (SIB) Solution

We recommend that users use full-disk backup solutions from other vendors.

TLS RC4 Ciphers

To be disabled by default. For more information, see the following Windows IT Center topic:

TLS (Schannel SSP) changes in Windows 10 and Windows Server 2016

Removed

Enhanced Mitigation Experience Toolkit (EMET)

Use will be blocked. Consider using the Exploit Protection feature of Windows Defender Exploit Guard as a replacement.

Syskey.exe

Removing this nonsecure security feature. We recommend that users use BitLocker instead. For more information, see the following Knowledge Base article:

4025993 Syskey.exe utility is no longer supported in Windows 10 RS3 and Windows Server 2016 RS3

TCP Offload Engine

Removing this legacy code. This functionality was previously transitioned to the Stack TCP Engine. For more information, see the following PFE Platform Blog article:

Why Are We Deprecating Network Performance Features (KB4014193)?

 

 

Full List Source: https://support.microsoft.com/en-us/help/4034825/features-that-are-removed-or-deprecated-in-windows-10-fall-creators-up

Ding Dong Flash is Dead… on mobiles in 2020

Flash is dead…on mobile devices… in 2020 (same as Windows 7)

http://www.reuters.com/article/us-adobe-systems-flash-idUSKBN1AA22R

 

Oh Happy Day

https://www.youtube.com/watch?v=6zT8AyfsFmA

 

Unfortunately it will still be supported on desktop browsers.  However, I would not consider it far fetched to envision a world where more people user Mobile browsers than desktop ones.   I for one will never mind the constant security headache and popup ads killing my devices.

 

Free eBooks from Microsoft

https://blogs.msdn.microsoft.com/mssmallbiz/2017/07/11/largest-free-microsoft-ebook-giveaway-im-giving-away-millions-of-free-microsoft-ebooks-again-including-windows-10-office-365-office-2016-power-bi-azure-windows-8-1-office-2013-sharepo/?ranMID=24542&ranEAID=lw9MynSeamY&ranSiteID=lw9MynSeamY-wEHi3i0.hlt_HnAwmoDS7w&tduid=(00fbd30d71024abaab2b5cb6c5e7c446)(256380)(2459594)(lw9MynSeamY-wEHi3i0.hlt_HnAwmoDS7w)()

 

Free eBooks.. get em while they are … free!

Including:

  • Windows 10
  • Office 365
  • Office 2016
  • Power BI
  • Azure
  • Windows 8.1
  • Office 2013
  • SharePoint 2016
  • SharePoint 2013
  • Dynamics CRM
  • PowerShell
  • Exchange Server
  • System Center
  • Cloud
  • SQL Server and more!