Q. How much free disk space is required when performing an in-place upgrade to the latest Windows 10 build?
A. The exact amount of space required for each in-place upgrade of Windows 10 varies. The exact space required varies per machine, per build however the recommendation is to ensure at least 10 GB of free disk space should be available.
Windows 10 deployment considerations
There are new deployment options in Windows 10 that help you simplify the deployment process and automate migration of existing settings and applications.
For many years, organizations have deployed new versions of Windows using a “wipe and load” deployment process. At a high level, this process captures existing data and settings from the existing device, deploys a new custom-built Windows image to a PC, injects hardware drivers, reinstalls applications, and finally restores the data and settings. With Windows 10, this process is still fully supported, and for some deployment scenarios is still necessary.
Windows 10 also introduces two additional scenarios that organizations should consider:
- In-place upgrade, which provides a simple, automated process that leverages the Windows setup process to automatically upgrade from an earlier version of Windows. This process automatically migrates existing data, settings, drivers, and applications.
- Dynamic provisioning, which enables organizations to configure new Windows 10 devices for organization use without having to deploy a new custom organization image to the device.Both of these scenarios eliminate the image creation process altogether, which can greatly simplify the deployment process.So how do you choose? At a high level:
Consider … | For these scenarios |
---|---|
In-place upgrade |
|
Traditional wipe-and-load |
|
Dynamic provisioning |
|
Migration from previous Windows versions
For existing PCs running Windows 7 or Windows 8.1, in-place upgrade is the recommended method for Windows 10 deployment and should be used whenever possible. Although wipe-and-load (OS refresh) deployments are still fully supported (and necessary in some scenarios, as mentioned previously), in-place upgrade is simpler and faster, and enables a faster Windows 10 deployment overall.
Note that the original Windows 8 release is only supported until January 2016. Organizations that do not think they can complete a full Windows 10 migration by that date should deploy Windows 8.1 now and consider Windows 10 after Windows 8 has been removed from the environment.
For existing Windows PCs running Windows Vista, you can perform wipe-and-load (OS refresh) deployments when you use compatible hardware.
Note that to take advantage of the limited-time free upgrade offer for PCs running Windows 7, Windows 8, or Windows 8.1, you must leverage an in-place upgrade, either from Windows Update or by using the upgrade media available from the Windows 10 software download page to acquire a new Windows 10 license from the Windows Store. For more information, refer to the Windows 10 FAQ.
For organizations with Software Assurance for Windows, both in-place upgrade or wipe-and-load can be leveraged (with in-place upgrade being the preferred method, as previously discussed).
For organizations that do not take advantage of the free upgrade offer and are not enrolled in Software Assurance for Windows, Windows 10 upgrade licenses are available for purchase through existing Volume License (VL) agreements.
Setup of new computers
For new computers acquired with Windows 10 preinstalled, you can leverage dynamic provisioning scenarios to transform the device from its initial state into a fully-configured organization PC. There are two primary dynamic provisioning scenarios you can use:
- User-driven, from the cloud. By joining a device into Azure Active Directory and leveraging the automatic mobile device management (MDM) provisioning capabilities at the same time, an end user can initiate the provisioning process themselves just by entering the Azure Active Directory account and password (called their “work or school account” within Windows 10). The MDM service can then transform the device into a fully-configured organization PC. For more information, see Azure Active Directory integration with MDM.
- IT admin-driven, using new tools. Using the new Windows Imaging and Configuration Designer (ICD) tool, IT administrators can create provisioning packages that can be applied to a computer to transform it into a fully-configured organization PC. For more information, see Windows Imaging and Configuration Designer.
In either of these scenarios, you can make a variety of configuration changes to the PC:
- Transform the edition (SKU) of Windows 10 that is in use.
- Apply configuration and settings to the device (for example, security settings, device restrictions, policies, Wi-Fi and VPN profiles, certificates, and so on).
- Install apps, language packs, and updates.
- Enroll the device in a management solution (applicable for IT admin-driven scenarios, configuring the device just enough to allow the management tool to take over configuration and ongoing management).
Stay up to date
For computers already running Windows 10 on the Semi-Annual Channel, new upgrades will periodically be deployed, approximately two to three times per year. You can deploy these upgrades by using a variety of methods:
- Windows Update or Windows Update for Business, for devices where you want to receive updates directly from the Internet.
- Windows Server Update Services (WSUS), for devices configured to pull updates from internal servers after they are approved (deploying like an update). Note that this will require updates to WSUS, which are only available for Windows Server 2012 and Windows Server 2012 R2, not previous versions.
- System Center Configuration Manager task sequences (with Configuration Manager 2012, 2012 R2, and later versions).
- System Center Configuration Manager vNext software update capabilities (deploying like an update).
Note that these upgrades (which are installed differently than monthly updates) will leverage an in-place upgrade process. Unlike updates, which are relatively small, these upgrades will include a full operating system image (around 3 GB for 64-bit operating systems), which requires time (1-2 hours) and disk space (approximately 10 GB) to complete. Ensure that the deployment method you use can support the required network bandwidth and/or disk space requirements.
Q. What is the DefaultAccount on Windows 10 and Windows Server 2016?
A. The DefaultAccount is a built-in account disabled by default (just like the Guest account). It is a system-managed account used in specific circumstances. It’s full name is Default System Manage Account (DSMA) and is used when running Multi-User-Manifested-Apps (MUMA) which are applications that run all the time and then have to react to users coming in and leaving the system. It has well-known RID of 503.
The account has the same permissions as a regular user except it also has TimeZone privilege and can launch applications as other users. This is used by OneCore shared session SKUs such as Xbox and Phone. With regular Windows desktop, applications run as the users own context.
Q. Can I move Domain Controllers out of the default Domain Controllers OU?
A. Can you? Sure. Should you? Definitely not. There is really no good reason to take DCs out of the default Domain Controllers OU and it will likely cause huge problems including stopping the DCs to function altogether.
When a Domain Controller is created, it is automatically placed in the Domain Controllers OU. This OU has special Group Policy Objects (GPO) applied to it which ensure the proper operation of the DCs. If you move DCs out of the OU, then those GPOs would cease to be applied and the DC would not correctly function. Even if you manually linked the relevant GPOs to the new locations for the DCs, there would still be problems for multiple reasons. For example:
- Moving DCs is not supported therefore any problems would resulted in an unsupported configuration
- Many services only search the Domain Controllers OU for domain controllers which means they would not find other DCs that have been moved
- Some applications do not work with DCs not in the Domain Controllers OU, e.g. Exchange
If you must move DCs then move them to child OUs of the Domain Controllers OU however even this is not recommended.