Thursday, April 13, 2017

Business Geek Rant: Microsoft updates and Windows 10, STOP FORCING THIS ONTO US!!!

So my real job is as a desktop and mobility administrator. i manage my companies desktops/laptops and also build images for them including a 'thick' hardware agnostic Windows 10 Enterprise image. I've been building images of Windows since XP (on a personal basis) and Windows 7 as my real job/task.  I know Windows very well and how each version functions and is serviced.  With Windows 10, Microsoft for some stupid fucking reason decided that THEY were superior testers of their OS and software so much as they would now start FORCING windows updates onto consumer and enterprise users machines, including corporate machines using just WSUS to manage updates.

The company I work at depends on Office 2016 and now Windows 10 very much.  We depend on it being stable platform and consistent in it's behavior.  Corporate environments still need to have scheduled maintence windows and our users computers NOT installing a major OS update in the background as they hack away on a 200 page document in Word 2016 which is also getting a major update in the background.  This last month our company has spent 40+ hours on figuring out exactly how Windows Updates, WSUS 4.0 and Group Policy really work together and we found out that...   we really don't know.  prior to Windows 10, we had FULL control over every update we downloaded, approved and pushed to managed workstations.  We could deny updates, not force restarts out of active hours (some people work longer than 12 hour days!!!) and simply defer major OS updates/changes for as long as we wanted.  I've used Windows heavily since Windows 95 and have been through WAY TOO MANY FUCKED UP Service Packs and even iterations of Windows (aka Windows ME and Vista).

The latest problems we have ran into also showed us that Microsoft Premiere Support doesn't even have real idea on how things worked; at least not until we put in official support tickets and put it to them to figure out WTF is going on.  We found a solution but it basically breaks the Windows Store and to fix requires us to setup an Azure account/cloud based solution for a Business Store. ?????  Why are these two features tied together in Windows Updates for the OS/Products and the Windows Store?  If Microsoft really drank their own kool-aid, they'd realize that Windows Store and the metro apps are BYOD solutions and in turn should have seperate independent update settings and group policy settings.  If anything, companies would prefer to allow Windows Store apps since non-admin users an install, apps are sandboxed, there are NO real enterprise apps in the store (thank god!!, manage metro apps in an image is a nightmare.. trust me, i found out the hard way).

Nope, microsoft got lazy and ties all policies of Windows Updates and Store updates into one set of policies.  So when we disabled windows updates, we broke the store for our users and access to any apps on it. we don't do off prem; we host ALL of our data including our own cloud data/dropbox type of systems.

Finally the wrap up; Microsoft needs to listen to corporate users and allow Windows 10 Enteprise editions FULL control over windows 10 updates with just the use of a WSUS server and not having to have SCCM .  Stop forcing reboots; home users aren't just facebookers or web surfers; we do real work and data processing on our machines at night or host our own media streaming servers, etc.

You are getting an early warning from just one small company's desktop admin and bigger companies will be updating this year and  once they run into our issues; they will not be happy and there will be bigger issues at hand; lost productivity due to bad patches, lost lawsuits due to pleadings not being accepted since you broke a feature in Word 2016 and subnotes/subscript.  Yea, stop being arrogant and listen to the enterprise admin/geeks.  We may just put in the effort to migrate everything to Mac OS X or even worse, Linux.