Three times a week (Monday/Wednesday/Friday), John Savill tackles your most pressing IT questions.
Read through the FAQ archives, or send him your questions via email.
Understand the support for semi-annual channel, how ready are you for Windows 10 and limiting the power people need to perform actions.
Q. How long is a Semi-Annual Channel supported for? I've seen different time frames.
A. You may have heard talk of the two newest branches being supported with a 60-day grace period, which was confusing as there was not a fixed timeline for new branch releases, so when would the grace period start? With the new, predictable cadence of Spring and Fall updates, the support statement is 18 months from the time of the Semi-Annual Channel release. This applies to Windows 10 and Windows Server 2016.
Q. Is there a list of drivers that work/don't work with Windows 10?
A. When planning for the Windows 10 upgrade, one part of the process is checking driver support. There is no single list of drivers that work/won't work with Windows 10. The best way to perform this check is through the free Upgrade Analytics. Information can be found at https://docs.microsoft.com/en-us/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness and basically it works as follows:
- A unique ID is generated which is specific to your organization
- This ID is applied to all your Windows devices in the organization
- As those devices report telemetry to Microsoft (the level of which is fully configurable) that telemetry is linked to your organization
- Upgrade analytics aggregates this information to provide a dashboard which shows information about Windows 10 readiness which includes driver state (in addition to application compatibility, hardware compatibility etc.)
Q. I want to give a user the ability to perform [a specific task] without making them administrators. How can I do this?
A. No standing privileges and least privilege are key tenants in todays IT world. The idea that people do not have elevated permissions until they actually need them and then only the permissions required to perform specific tasks rather than some all-powerful administrator capability. Depending on the service granular delegation may be required but for other services there may not be. A common solution is to use Just-Enough Administration (JEA) if the action to be performed can be done via PowerShell.
More information on JEA can be found at https://msdn.microsoft.com/en-us/library/dn896648.aspx but it really boils down to creating PowerShell Session Configurations that limit the cmdlets exposed, who can connect and the auditing/logging performed. Users then connect to a specific endpoint and can only perform the actions allowed.
