Rolling out Windows 10 to a small govt.

[satukoro]

So I'm considering a Windows 10 roll out to my small Govt. to replace all Windows 7 installations.

Prior to doing this I was curious as to which version of Windows 10 is the best fit to replace Windows 7 Professional.

In my Volume Licensing Center, I have a bunch of versions to choose from, but I've heard bits about how Windows 10 Pro isn't quite as professional as it should be.

Is Windows 10 Enterprise LTSB 2016 a good fit for an organization of 150-200 workstations?

 

In addition to this, are there new group policies affecting only Windows 10 I should be aware of? Also, what sort of preparation is required before Windows 10 will behave appropriately for users who aren't remotely tech savvy?

Thanks in advance.

[+Biscuits Brown MVC]

I'd suggest Windows 10 Enterprise (if you have proper Volume Licensing) over LTSB. You can google for the benefits (or downsides) to the LTSB version. Since you are running Win 7 Pro now, I'd not think LTSB is what you want.  I can't offer anything for your second question.

[Daedroth]

By Govt, do you mean government? I'm assuming not, as they'd usually have a much larger amount of computers and more IT support personnel.

 

First thing it first - create a test workstation and test all your software. The last thing you want to do is deploy Windows 10 site wide and later find out that the software your organisation depends on doesn't work on Windows 10.

 

Just because you can see the downloads for the different versions of Windows in VLSC, doesn't mean you are licensed to use them. You need to check your licenses to see what you can use.

 

Windows 10 Enterprise vs Windows 10 Enterprise LTSB - A question that has split the IT professional community from my research. I chose against LTSB, as there would be no feature upgrades available for several years. So for example, I wouldn't be able to get the Creators Update if I wanted to deploy that, I'd have to wait until the next LTSB version is released. Since I use SCCM/WSUS to deploy updates, I can do the same with deploying (or not) these future updates.

 

For your not-so-savvy users, they will struggle with the conversion to Windows 10. You have to coax them into it and be prepared for a lot of support calls until they get used to it.

 

As for Group Policy, yes there are new ADMX files specifically for managing Windows 10. They are available from Microsoft if you Google it.

[Dot Matrix]

25 minutes ago, satukoro said:

what sort of preparation is required before Windows 10 will behave appropriately for users who aren't remotely tech savvy?

Not sure what you mean by this? There shouldn't be any "preparation," except maybe some documentation you can put up on the company portal just to allow folks to familiarize themselves with how Windows 10 works. Either way, expect an increase in support calls until folks get comfortable with things. 

[satukoro]

 

4 minutes ago, Daedroth said:

By Govt, do you mean government? I'm assuming not, as they'd usually have a much larger amount of computers and more IT support personnel.

 

First thing it first - create a test workstation and test all your software. The last thing you want to do is deploy Windows 10 site wide and later find out that the software your organisation depends on doesn't work on Windows 10.

 

Just because you can see the downloads for the different versions of Windows in VLSC, doesn't mean you are licensed to use them. You need to check your licenses to see what you can use.

 

Windows 10 Enterprise vs Windows 10 Enterprise LTSB - A question that has split the IT professional community from my research. I chose against LTSB, as there would be no feature upgrades available for several years. So for example, I wouldn't be able to get the Creators Update if I wanted to deploy that, I'd have to wait until the next LTSB version is released. Since I use SCCM/WSUS to deploy updates, I can do the same with deploying (or not) these future updates.

 

For your not-so-savvy users, they will struggle with the conversion to Windows 10. You have to coax them into it and be prepared for a lot of support calls until they get used to it.

 

As for Group Policy, yes there are new ADMX files specifically for managing Windows 10. They are available from Microsoft if you Google it.

I work for a (very) small town Government with literally just me as IT staff right now supporting around 150 employees until we can get another person in here to split the load.

[satukoro]

Just now, Dot Matrix said:

Not sure what you mean by this? There shouldn't be any "preparation," except maybe some documentation you can put up on the company portal just to allow folks to familiarize themselves with how Windows 10 works. Either way, expect an increase in support calls until folks get comfortable with things. 

I have no experience with Windows 10 in a work environment yet and was wondering if some of the newly introduced features would be potentially disruptive or out of place such as cortana or the store, etc.

[Circaflex]

1 minute ago, satukoro said:

I have no experience with Windows 10 in a work environment yet and was wondering if some of the newly introduced features would be potentially disruptive or out of place such as cortana or the store, etc.

If you decide to use LTSB, which you should, you will not have many of those "features" installed.

[Dot Matrix]

4 minutes ago, satukoro said:

I have no experience with Windows 10 in a work environment yet and was wondering if some of the newly introduced features would be potentially disruptive or out of place such as cortana or the store, etc.

Ah, I see. You may need to test out Pro or Enterprise before deploying, and figure out what kind of group policies you'd want to apply per your organization's computer use policies. I'd imagine for government, that Cortana would want to be disabled. The store is actually beneficial if you plan to deploy mobile tablets with Windows 10 that would need access to mobile management apps like Good for Enterprise or VMware Airwatch. Again, it depends on your usage scenarios. 

[goretsky Supervisor]

Hello,

 

You should look at the Enterprise SKU.  The LTSB version is for things like kiosks, point-of-sale cash registers and the like which need to run a single application on an unchanging OS.

 

Regards,

 

Aryeh Goretsky

 

[satukoro]

On 3/25/2017 at 2:37 AM, goretsky said:

Hello,

 

You should look at the Enterprise SKU.  The LTSB version is for things like kiosks, point-of-sale cash registers and the like which need to run a single application on an unchanging OS.

 

Regards,

 

Aryeh Goretsky

 

From what I've read so far, it looks like I'll be going with the Enterprise edition. It seems like Enterprise fits all my needs while still being somewhat up to date while giving me control over unwanted parts of the OS.

Thanks for the insight!

[JakeB]

On 3/24/2017 at 11:52 AM, Daedroth said:

By Govt, do you mean government? I'm assuming not, as they'd usually have a much larger amount of computers and more IT support personnel.

 

First thing it first - create a test workstation and test all your software. The last thing you want to do is deploy Windows 10 site wide and later find out that the software your organisation depends on doesn't work on Windows 10.

 

Just because you can see the downloads for the different versions of Windows in VLSC, doesn't mean you are licensed to use them. You need to check your licenses to see what you can use.

 

Windows 10 Enterprise vs Windows 10 Enterprise LTSB - A question that has split the IT professional community from my research. I chose against LTSB, as there would be no feature upgrades available for several years. So for example, I wouldn't be able to get the Creators Update if I wanted to deploy that, I'd have to wait until the next LTSB version is released. Since I use SCCM/WSUS to deploy updates, I can do the same with deploying (or not) these future updates.

 

For your not-so-savvy users, they will struggle with the conversion to Windows 10. You have to coax them into it and be prepared for a lot of support calls until they get used to it.

 

As for Group Policy, yes there are new ADMX files specifically for managing Windows 10. They are available from Microsoft if you Google it.

I don't thing training is a big issue if you have a good IT staff. As a government employee in IT we don't want users using the OS (per say). We want them to use the applications that run in WIndows 10. So we them up with shortcuts and easy ways to launch the apps they need for their job. We had 0% training for our users when we went from XP to Windows 7. We don't let users install anything and their have read only rights to almost everything on the machines. We have over 3000 computer. We also have been using Surface Pro's for our mgmt. The Surface Pro 3's came with Windows 8 and 4's with Windows 10. MS wouldn't support those devices with WIndows 7. So the the 3's were upgraded to Windows 10 and we haven't alot of issues at all.

But now our hardware engineers are anxious to move to Windows 10 across the board because of the new Intel processors  and other hardware that requires Windows 10. 

[satukoro]

1 minute ago, JakeB said:

I don't thing training is a big issue if you have a good IT staff. As a government employee in IT we don't want users using the OS (per say). We want them to use the applications that run in WIndows 10. So we them up with shortcuts and easy ways to launch the apps they need for their job. We had 0% training for our users when we went from XP to Windows 7. We don't let users install anything and their have read only rights to almost everything on the machines. We have over 3000 computer. We also have been using Surface Pro's for our mgmt. The Surface Pro 3's came with Windows 8 and 4's with Windows 10. MS wouldn't support those devices with WIndows 7. So the the 3's were upgraded to Windows 10 and we haven't alot of issues at all.

But now our hardware engineers are anxious to move to Windows 10 across the board because of the new Intel processors  and other hardware that requires Windows 10. 

Our small government IT office has been pretty slow moving over the past 10 years or so due to incompetent management. Now it's my sole job to get everything working nice and smooth.

I got my hands on our volume license agreement and have grabbed Windows 10 Enterprise N 1607 to start testing on some of our workstations. I think it'll be a moderately slow rollout because of how resistant our 50+ y/o employees tend to be. Some of them are super positive and forward thinking, and the rest are upset because we moved them away from Windows 98 and now things look different.

 

I think it'll be okay once I figure out the best way to go about the start menu being a pile of crap.

[xendrome]

On 3/24/2017 at 0:07 PM, Circaflex said:

If you decide to use LTSB, which you should, you will not have many of those "features" installed.

That's really bad advice.

[JakeB]

3 minutes ago, satukoro said:

Our small government IT office has been pretty slow moving over the past 10 years or so due to incompetent management. Now it's my sole job to get everything working nice and smooth.

I got my hands on our volume license agreement and have grabbed Windows 10 Enterprise N 1607 to start testing on some of our workstations. I think it'll be a moderately slow rollout because of how resistant our 50+ y/o employees tend to be. Some of them are super positive and forward thinking, and the rest are upset because we moved them away from Windows 98 and now things look different.

 

I think it'll be okay once I figure out the best way to go about the start menu being a pile of crap.

But remember you will probably want to not allow downloading from the store so the menu won't be as cluttered. Also you can create shortcuts on the desktop and add to favorites in your browsers. We actually use OKTA as an application launcher where passwords are stored and allows signing in without PW once logged into OKTA. Plus a thing to think about is soon Intel and AMD processors will not work with WIndows 7. 

[JakeB]

3 minutes ago, xendrome said:

That's really bad advice.

Why bad advice? It's not the features are not installed and more that the features are turned of in Group Policies based on your organizations policies. 

[xendrome]

1 minute ago, JakeB said:

Why bad advice? It's not the features are not installed and more that the features are turned of in Group Policies based on your organizations policies. 

LTSB, no feature updates for 2-3 years. A small government entity isn't exactly the target market. It's meant for Mission Critical devices. Like healthcare appliances, manufacturing, etc.

[Odom Member]

WIth all due respect, you sound like you don't really know what you are doing. Deploying a new OS that is (from the looks) pretty different from a previous one requires a lot of work and preparation and takes quite some time, depending on your environment. It is not only the looks of it, but also all the different things under the hood.

Off the top of my head you would need to do the following:

- Decide which Windows version to use, depending on your environment and features required. Do you have a maintenance support plan? What Licensing do you have? What about Office (or what you use for editing documents, it it compatible)

- What hardware do you use? Is it compatible? Are drivers available for the new Windows?

- Develop new GPO's for the new OS and harden your Windows machines (being a Government institution, I would think that security would be a big issue), lock your machines down as much you can

- What AD do you use, can you take advantage of all the new features? What about Office? If it is an old version , what about Exchange?

- Extensively test every piece of software for compatibility and interoperability (depending on the amount of applications, this takes the longest). Even if the applications work, are they supported by their vendors on Win 10?

- Build a test environment where you deploy a Windows 10 machine and test it with your current network and environment

- Pland and prepare how to roll out and/or migrate 150 machines, along with all the applications and user's data

- Windows 10 looks different than Windows 7, IT People usually don't have an issue with it, but regular people that think Word was uninstalled when the icon is gone from the desktop will have some issues in finding their way around the new OS. Think user training, user information, etc... As someone else said here, you will get a big increase in phonecalls with questions on how to do the simple things

 

There are tons more things to consider, these are just some that occured to me just now. I used to run projects like this in big companies and we had teams planning this and implementing and it took anywhere from a year to a lot more. This is not an adventure you get into just because you feel you should be doing something.

[farmeunit]

6 minutes ago, xendrome said:

LTSB, no feature updates for 2-3 years. A small government entity isn't exactly the target market. It's meant for Mission Critical devices. Like healthcare appliances, manufacturing, etc.

If the software works, I don't see the issue.  It stills get security updates, just not feature updates.  Frankly, the difference between 1511 and 1607 is fairly big, and that's just the Start Menu.  Text descriptions on gone, then user account icon moved, File Explorer removed, etc.  If you upgrade File Explorer is still there, but not new installs.  With LTSB, it will be a lot more consistent for longer periods of time.  Not to mention the apps and extra stuff they probably won't use or need in their environment.

[satukoro]

 

34 minutes ago, Odom said:

WIth all due respect, you sound like you don't really know what you are doing. Deploying a new OS that is (from the looks) pretty different from a previous one requires a lot of work and preparation and takes quite some time, depending on your environment. It is not only the looks of it, but also all the different things under the hood.

Off the top of my head you would need to do the following:

- Decide which Windows version to use, depending on your environment and features required. Do you have a maintenance support plan? What Licensing do you have? What about Office (or what you use for editing documents, it it compatible)

- What hardware do you use? Is it compatible? Are drivers available for the new Windows?

- Develop new GPO's for the new OS and harden your Windows machines (being a Government institution, I would think that security would be a big issue), lock your machines down as much you can

- What AD do you use, can you take advantage of all the new features? What about Office? If it is an old version , what about Exchange?

- Extensively test every piece of software for compatibility and interoperability (depending on the amount of applications, this takes the longest). Even if the applications work, are they supported by their vendors on Win 10?

- Build a test environment where you deploy a Windows 10 machine and test it with your current network and environment

- Pland and prepare how to roll out and/or migrate 150 machines, along with all the applications and user's data

- Windows 10 looks different than Windows 7, IT People usually don't have an issue with it, but regular people that think Word was uninstalled when the icon is gone from the desktop will have some issues in finding their way around the new OS. Think user training, user information, etc... As someone else said here, you will get a big increase in phonecalls with questions on how to do the simple things

 

There are tons more things to consider, these are just some that occured to me just now. I used to run projects like this in big companies and we had teams planning this and implementing and it took anywhere from a year to a lot more. This is not an adventure you get into just because you feel you should be doing something.

In all fairness, I haven't rolled out Windows 10 in a company yet. This is why I asked for advice.

However, do not assume this means I don't have a clue what I'm doing in terms of the points you listed.

 

If you read the OP, you'll see I was asking for rather specific advice in certain areas.

Thanks for your $0.02, but I think you're looking to far into the question.

[Dot Matrix]

1 hour ago, JakeB said:

MS wouldn't support those devices with Windows 7.

Please tell me you didn't try that...

[JakeB]

On 3/24/2017 at 11:31 AM, satukoro said:

So I'm considering a Windows 10 roll out to my small Govt. to replace all Windows 7 installations.

Prior to doing this I was curious as to which version of Windows 10 is the best fit to replace Windows 7 Professional.

In my Volume Licensing Center, I have a bunch of versions to choose from, but I've heard bits about how Windows 10 Pro isn't quite as professional as it should be.

Is Windows 10 Enterprise LTSB 2016 a good fit for an organization of 150-200 workstations?

 

In addition to this, are there new group policies affecting only Windows 10 I should be aware of? Also, what sort of preparation is required before Windows 10 will behave appropriately for users who aren't remotely tech savvy?

Thanks in advance.

Well one thing you need to understand is. Enterprise, Pro and Home are different versions. The basic difference in the 3 are what you can turn on or off in Windows 10. With that many workstations i would advise you tho go with enterprise. Pro and home you have to pay per machine and images are not legal. Probably the number one factor is how many IT staff you have and exactly what they do. My organization has Computer Engineers that develop and also set Group Policies. My organization is having a discussion now about the group policy in  IE about enabling 3rd party extensions in internet tools. We have software that requires it in IE but  doesn't cause an issue in Chrome. Our engineers are researching if they can isolate turning on this group policy for only the users needing it and not for our whole organization.

[Odom Member]

2 minutes ago, JakeB said:

Well one thing you need to understand is. Enterprise, Pro and Home are different versions. The basic difference in the 3 are what you can turn on or off in Windows 10. With that many workstations i would advise you tho go with enterprise. Pro and home you have to pay per machine and images are not legal. Probably the number one factor is how many IT staff you have and exactly what they do. My organization has Computer Engineers that develop and also set Group Policies. My organization is having a discussion now about the group policy in  IE about enabling 3rd party extensions in internet tools. We have software that requires it in IE but  doesn't cause an issue in Chrome. Our engineers are researching if they can isolate turning on this group policy for only the users needing it and not for our whole organization.

Yes you can. GPO can be applied to all users/machines or selectively to an AD Group.

[JakeB]

5 minutes ago, Dot Matrix said:

Please tell me you didn't try that...

But that is a concern with our Computer engineers

 

http://www.makeuseof.com/tag/windows-7-wont-work-intels-current-next-gen-cpus/

 

 

[JakeB]

15 minutes ago, Odom said:

Yes you can. GPO can be applied to all users/machines or selectively to an AD Group.

http://scottge.net/2015/07/28/differences-between-windows-10-home-pro-enterprise-and-education-editions/

 

GPO options vary based on which version  you have.

 

Edited March 29, 2017 by JakeB

[Circaflex]

1 hour ago, xendrome said:

That's really bad advice.

How so?

 

edit saw your reply to someone else. Fair enough, but I still wouldn't consider it bad advice, maybe not the most optimal but thanks for the info.