Artwork

内容由BWW Media Group提供。所有播客内容(包括剧集、图形和播客描述)均由 BWW Media Group 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal
Player FM -播客应用
使用Player FM应用程序离线!

MJFChat: What’s New With Windows Update?

35:17
 
分享
 

已归档的系列专辑 ("不活跃的收取点" status)

When? This feed was archived on September 27, 2021 03:10 (2+ y ago). Last successful fetch was on August 27, 2021 11:18 (2+ y ago)

Why? 不活跃的收取点 status. 我们的伺服器已尝试了一段时间,但仍然无法截取有效的播客收取点

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.

Manage episode 288758617 series 2607204
内容由BWW Media Group提供。所有播客内容(包括剧集、图形和播客描述)均由 BWW Media Group 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal

We’re doing a twice-monthly interview show on Petri.com that is dedicated to covering topics of interest to our tech-professional audience. We have branded this show “MJFChat.”

In my role as Petri’s Community Magnate, I will be interviewing a variety of IT-savvy technology folks. Some of these will be Petri contributors; some will be tech-company employees; some will be IT pros. We will be tackling various subject areas in the form of 30-minute audio interviews. I will be asking the questions, the bulk of which we’re hoping will come from you, our Petri.com community of readers.

Readers can submit questions via Twitter, Instagram, Facebook and/or LinkedIn using the #AskMJF hashtag. Once the interviews are completed, we will post the audio and associated transcript in the forums for readers to digest at their leisure. (By the way, did you know MJFChats are now available in podcast form? Go here for MJF Chat on Spotify; here for Apple Podcasts on iTunes; and here for Google Play.)

Our latest MJFChat is focused on the latest developments in the Windows updating, patching and servicing space. My special guest is Harjit Dhaliwal, a senior sysadmin, tech evangelist and Microsoft Most Valuable Professional (MVP). He and I talked about what’s new in Windows Update for Business, WSUS, patching and lots more in the course of this conversation.

If you know someone you’d like to see interviewed on the MJFChat show, including yourself, just Tweet to me or drop me a line. (Let me know why you think this person would be an awesome guest and what topics you’d like to see covered.) We’ll take things from there…

Mary Jo Foley:
Hi, you’re listening to Petri.com’s MJF Chat show. I am Mary Jo Foley, AKA your Petri.com community magnate. And I am here to interview tech industry experts about various topics that you, our readers and listeners want to know about. Today’s MJF Chat is going to be all about what’s happening lately in the Windows, updating and patching space. And my special guest today is Harjit Dhaliwal. Who many of you know, better as Hoorge on Twitter. Harjit is a senior sys-admin and a tech evangelist, and he’s also a Microsoft MVP. Hi, Harjit, thank you so much for doing the chat with me today.

Harjit Dhaliwal:
Hey MJ, thanks for having me on this chat today. This is going to be so much fun.

Mary Jo Foley:
I know I’m, I’m glad you’re doing this because we just had the virtual Ignite conference for IT Pros and I found out later that there was a bunch of Windows updating and patching and servicing news that wasn’t in the book of news. It was kind of a little bit under the radar. So I thought it’d be fun to have you go through some of the announcements so that we have a better perspective on them.

Harjit Dhaliwal:
Yeah, there were a bunch of announcements you know, particularly focused on modern device management and modern work, right. Because you know, the new norm now is working from home and that kind of thing. So, and I believe we are going to talk about a few of these announcements in this chat, right?

Mary Jo Foley:
Right. So one of the ones that caught my eye right off the bat, when I was looking through the list on the Windows IT Pro Blog was the fact that Windows Enterprise admins, soon they’re going to get full control over driver and firmware updates. And that’s a very different situation than what’s possible right now with Intune and Config Manager, right. So I wonder if you could go over that a bit, like what’s going to change and why you think this is important for IT Pros to understand.

Harjit Dhaliwal:
Yeah. So that is correct, right. I mean, the highlight of this is definitely IT admins will get more control over driver firmware updates, and I know we’re going to talk more in depth. You know, very soon, but this has been a pain point with managing devices. You know, we can do OSD and stuff like that, but drivers and firmware has been a major challengem for sure.

Mary Jo Foley:
Right. And it’s also very inconsistent, it seems like from what I have read, like Intune admins right now have some access to policies that can allow or deny all drivers on devices from Win updates. But then they can’t allow drivers only after administrative inspection. Sorry, I’m having trouble saying words here, but then Config Manager has a whole different thing, right. Admins there can’t sync drivers from Windows Update with WSUS. So it just feels like it’s kind of like a hodgepodge right now. And Microsoft seems to be trying to kind of bring some consistency over the driver and firmware updates situation through a Windows Update for Business, right?

Harjit Dhaliwal:
Yes. Windows Update for Business is the new hot stuff.

Mary Jo Foley:
Tell me more, about that?

Harjit Dhaliwal:
All right. So you know, first let me give a quick definition of what Windows Update for Business is, right. You know, which is also known as WUfB, sometimes you hear people say WUfB right, the acronym for it. And I’ll go back and forth with this so, and there has been some confusion of what it is and also some resistance from IT admins. You know, and I’ll explain that a little bit here. So Windows Update for Business is really a set of cloud controls to manage which updates are offered you know, from Windows Update, meaning from the cloud. So when we mentioned Windows Update, it means from the cloud, right. It’s connecting to the Microsoft cloud services and then IT Provides, hopefully IT Provides you know, positive end user update experiences.

Harjit Dhaliwal:
You know, the Windows Update for Business settings can be configured with group policies or MDMs, like you know, such as Intune, right? So Intune is also growing fast. So regarding driver and firmware updates, you know, they traditionally have been a major pain point and a huge challenge for IT admins, particularly to implement and deploy. Oftentimes, this is, you know, we tend to neglect and forget it once we have deployed a device or a user. For example, you know, you get a brand new machine or something like that, you image it, you put whatever the latest Windows 10 version is. You know, you patch it up and everything like that, you give it to the user and it’s kind of forgotten, right. So you only deal with it on a one-on-one basis, maybe three years down the road from this particular device, or this user for something that’s not working? Right, it’s a one-off thing. And you’re like, Oh, okay, you’ve got this issue. Okay, you need firmware, you need to update your BIO. So, you know, UEFI, or you know, there’s some drivers from Dell or HP that we need to add on and stuff like that. Sometimes we’re doing this stuff for like mitigating security risks. Right, you know, so this is, there’s this new mechanism that, you know, Microsoft’s providing, it’s actually a really neat thing. It’s good, in my opinion.

Mary Jo Foley:
Yeah, I think there’s a private preview of this new capability this month. I don’t know if they actually said when the final would be rolling out to other people. But yeah, it does, it sounds at least on paper and on the web, like it’s going to be a big deal for IT Pros.

Harjit Dhaliwal:
Yeah, it is. It is. And the neat thing about this is that what it is, it’s going to leverage all the cloud services.

Mary Jo Foley:
Right.

Harjit Dhaliwal:
So, you know, Microsoft Endpoint Manager, which is, you know, the Intune side of things and right. So that is where this stuff is going to come down from. So when you’re doing your traditional Config Manager, which uses WSUS, you can’t do any of this stuff. You can’t you know, manage drivers and firmware, but what some people have been doing is, like I said, like a one-off basis, like either they are doing it during imaging timeframes, like, okay, now we update our OSD and we’ve got all the latest BIOS and we’ve got the latest, you know, whatever updates we need. Or you have to use third party tools that some, you know, MVPs have created this really awesome third party tools to check on your fleet of devices. Whether you have HP, Lenovo, Dell, whatever, and then it lets, it goes out to the manufacturers, get those you know drivers, puts it in, it integrates with Config Manager, and then you can do it that way.

Harjit Dhaliwal:
It’s so tedious, right. Cause you have to implement this, another thing over something that should already have this capability.

Mary Jo Foley:
Exactly.

Harjit Dhaliwal:
Right?

Mary Jo Foley:
This hits home for me a lot, because it’s not exactly the same situation, but I have a Surface Laptop 3. Recently I had a big problem with it. Like, I couldn’t see anything on the display. So somebody who was helping me at a computer shop, I saw what he was doing. He was like looking for all the separate drivers that weren’t part of Microsoft’s drivers and then installing like the Intel drivers and this and that, you know, like layering it on. And then the drivers were conflicting with what Microsoft was downloading onto the machine, right? So it would say on it, like, which of these two drivers is the most up-to-date driver? And I’m like, oh man, this is such a nightmare.

Harjit Dhaliwal:
Right, right. And you know, so one of the things why I’m really excited about this is because, and I think it’s going to be good for all of us, who manage devices, is it comes down to security. One of the things it’s about, it’s not just about functionality and you know, all that stuff, which is really neat, but it also comes down to security mitigation. Because, you know over the last, I don’t know, just a few years, and even very recently, some of the major security threats have involved, you know, you need to patch the firmware, like the Intel, you know, processes and right. So you just, you just can’t patch Windows, but you got to patch the hardware as well. And that has been such a challenge, like, how do you do this?

Mary Jo Foley:
Yeah. Well, hopefully this new service is going to help a little towards this goal, making it a little simpler. Right?

Harjit Dhaliwal:
Right. But for the consumers, like if you’re a regular consumer or even like you know, a general user that, they did built in the capability of installing drivers with Windows Update. So when you go to Windows Update, and I think it’s under optional updates or something like that. But you know,

Mary Jo Foley:
No one ever checks for that.

Harjit Dhaliwal:
No one checks there, right. One, they don’t know that they need to check that. Two, like do I really need this?

Mary Jo Foley:
I know, I know. I’m always looking at things there going, should I install this, or shouldn’t I? Right. I know. I know. Okay. So let’s, let’s move on to another announcement, which I thought could be potentially interesting for IT Pros. So there was a blog post about something they called, a new Windows Update for Business Deployment Service. And in that blog post, they said, this is, quote, “an exciting next step in the evolution of Windows as a Service.” And from what I could tell, it was supposed to extend management services to any devices connecting through Windows Updates. So people, so admins could do things like schedule update deployments to start on a specific date or bypass a pre-configured policy. So this sounds like it could be really big, right? Like if you give IT Pros much more granular control, right.

Harjit Dhaliwal:
It is. And that’s exactly what I was going to say, right. This is definitely a new cloud service and an extension of Windows Update for Business. So in its infancy, right. When Windows Update for Business came out, it was very much consumer driven, right? So just like you would or, you know, your mom and dad, you know, trying to install updates on the computer, right. It was almost like that, but it was made for businesses and enterprises and they were like, wait, but all I’m trying to do here, if I enable Windows Update for Business, I’m just telling my devices to go out to Windows Updates whenever they are available, install and reboot. So enterprises were very reluctant. This is why I was saying earlier, when we started this chat, there was some resistance, it’s because there was no granular control. You’re like, no, I want to make sure that I can, I’m only delivering these updates on these dates and I’m controlling reboots. So this new service is going to allow you to do all of that.

Harjit Dhaliwal:
Right. So, you know, some of the things that you’re going to get out of this new service, you already patched upon it. Like you can schedule updates to happen on a specific date. You can stage deployments and they have this thing, something new called rich expressions. It’s almost like, you know, if this, then that kind of a situation, right. So where you can deploy a particular Windows 10 feature update to let’s say x number of devices each day starting on such and such day. Right, so you can do those kinds of things. You can override existing Windows update policies to push out like emergency you know, patches. And we can talk more about that later. You know, you can, there’s so many things, there’s some machine learning stuff that’s built in. They’ll identify and pause deployments. And you know, that Microsoft determines from all the data that they get and also the validations that they get from customers and also internally from Microsoft itself. But this validation, or this thing, what they call is a save that hole, but save that hole doesn’t work or doesn’t apply if you are using WSUS. Meaning, you have to use Windows Update, which is the cloud-based mechanism to update. And then you have these protections in place.

Mary Jo Foley:
Got it. It is a multi-layered can of worms to mix.

Mary Jo Foley:
Okay, here’s another one that I definitely need help understanding. There was some announcements around Known Issue Rollback, right.

Harjit Dhaliwal:
Oh yeah.

Mary Jo Foley:
So now, here’s what I was puzzled about, Known Issue Rollback exists at least to some degree. Right? So what is actually new that they’re announcing at Ignite? Can you give me a brief recap about this?

Harjit Dhaliwal:
So Known Issue Rollback or also known as KIR, that’s an acronym they’re using. Again, it’s a new capability. Well, it’s not really a new capability, right? It’s to quickly return you to a working condition. Right?

Mary Jo Foley:
Right.

Harjit Dhaliwal:
So they did have this already implemented but very partially in, I believe in 1809 and 1909, if I’m not mistaken, but now it is like more in 2004 and 20H2 versions and the future ones. So what it really is, is that apparently Microsoft you know, the developers, when they code, they, you know, they’ll add these non-security bug fixes in the code, but they also keep, you know, the old code you know, intact. Like they probably like just comment it out or something like that.

Harjit Dhaliwal:
So when a problem exists or what they call regressions and they need to revert, they go back to this code. They basically, you know unremark the old code and block out the new one. So you kind of go back to the older one, back to where you first started until they figure out what’s going on and come up with a new patch. So what this is, is that you know, you can look at for example, an analogy I’ll use is like a carton of eggs, right? So we know now patches are deployed as a CU, LCU right? The latest computer update. But to the layman, it looks like it’s just one update, but it actually, it’s not, it’s like multiple fixes in that one update. So like a carton of eggs, right? You’ve got 12 eggs in a carton and you’ve got one egg that’s gone bad, but you’re not going to throw out the entire, the other 11 eggs. So you’re going to take the one bad egg out, do something like either replace it or not. That’s basically what this whole Known Issue Rollback kind of mindset works. Does that make sense?

Mary Jo Foley:
It does. It does. It reminds me of something that’s ongoing as we’re recording this chat, which is the whole printing issue that happened. The latest, I think it was the latest set of Patch Tuesday updates they had.

Harjit Dhaliwal:
The March ones, yes.

Mary Jo Foley:
Right. They had a problem with a number of printers and Windows 10. So they had to fix that printing issue. But I think they’re up to their third attempt at this, right? So is this an occasion where the Known Issue Rollback would kind of come into play?

Harjit Dhaliwal:
So this is very, very interesting question. So this is, my take is that this should be a KIR thing, but according to Microsoft, the people who are delivering the patches, they’re saying, it’s not, it doesn’t apply to this particular situation. So there is a blog post on Tech Community by the folks who manage patches at Microsoft. And I’m a little confused because there’s a little short video where they do describe a similar issue with printing you know, printing gone bad in April 2020, right last year. And apparently KIR came into effect and solved and stopped and mitigated those bad patches. But apparently it doesn’t apply right now. So I’m a little confused. I’m not sure why, I’m thinking this would be the perfect case for this. So the other thing that is really interesting about this KIR thing is that they are also saying that they provide group policies for the specific use cases.

Harjit Dhaliwal:
Like, so each, let’s say, let’s take this printing thing, for example. So they’ve discovered it. They said they’re going to roll back, whatever. So if you’re an on-prem admin and you’re using WSUS and stuff, obviously you’re not going to be able to use KIR, right? Cause it’s all cloud based. So what they’re doing is that they’re giving you group policies for this one particular KB, Windows Update KB, right? And which they will put in the release notes and, you know, whatever. But so with that, what you can do is that once you add that to your group policy, you can deploy it. And next thing you know, everybody’s fixed, but here’s what happens though. Each of those KBs are individualized. So over time, let’s say in a year, if you do this twice a month or something like that, right? You’re going to start seeing a bloat of group policies in your group policy management console. And the way sys-admins work is like, once we set a group policy, we really kind of don’t look back like, Oh yeah, there was a problem with this particular thing. Here’s a group policy and boom, we set it. And then, you know, maybe five years down the road or something, someone new comes in or whatever, and says, Hey, what is this for? I don’t know, right?

Mary Jo Foley:
It’s just sitting there, yeah.

Harjit Dhaliwal:
That’s one of the concerns that they need to fix that, they can’t have these group policies just bloating the environment.

Mary Jo Foley:
Yeah, yeah, got it. I know, like I said, many, many layers of issues on all of these pieces, right?

Harjit Dhaliwal:
So many.

Mary Jo Foley:
Okay. We have to talk about security, right? Because what is a chat without talking about security?

Harjit Dhaliwal:
Well, they work hand in hand though.

Mary Jo Foley:
They do, they do. So another one of the Ignite announcements was about how Microsoft is trying to expedite Windows 10 Security Updates within the Endpoint Manager Admin Center. So I believe that’s also coming soon as a public preview. What’s this going to mean to admins in your opinion?

Harjit Dhaliwal:
So again, this is going to be utilizing Windows Update for Business, right? So Windows Update the cloud-based.

Mary Jo Foley:
Right.

Harjit Dhaliwal:
So right now, when a emergency patch comes out, for example, there were some this month and, you know, some in the previous months, because of some major security blow out. Oftentimes these out-of-band patches, they’re not available in WSUS. You know, they’re not dealt with that way. So you literally have to go and import it, like go into the catalog, import it, add it, sync it and so on and so forth and then deliver it. So this expediting thing is, what it does is that you can have your existing Windows Update for Business settings or profiles, right. With your different you know, targeting like, you know, some people, when they deliver patches, they deliver to their insider group first, like maybe five devices or five users.

Harjit Dhaliwal:
And then they’ll expand it, after two days they’ll expand that to you know, the first wave and then the second wave and so on. What this does is that this doesn’t change that, but it will push that emergency patch above all else. And lets you install that first, pausing everything else. Once, it’s emergency patches is installed and it’s successful, then it really enables those other policies that you have with Windows Update for Business. So it’s a quick way to remediate things. Right?

Mary Jo Foley:
Okay, yep.

Harjit Dhaliwal:
So,otherwise you have to restructure your whole patching methodology, right? You go like, wait, I’ve got this one, but it’s not, but I’m also delivering the other patches and this is not going to work. So yeah. It’s like pausing things and let’s get this in first. And then, you know, here’s another analogy I just thought about. So it’s like a VIP, right? Who’s got a police escort, right?

Mary Jo Foley:
Right, cause you can hear the sirens in the background.

Harjit Dhaliwal:
Right, there you go. So you’ve got a police escort. So instead of waiting in traffic, you just have other cars move to the side and let the VIP go through. And then after that the rest of the traffic goes through, it’s kind of simple.

Mary Jo Foley:
Yeah. It’s all about prioritization, right?

Harjit Dhaliwal:
Exactly.

Mary Jo Foley:
Which is an issue. Yeah, for sure. Okay. Now we’re getting to the fun part. We got a couple of reader questions here for you. And I like this one a lot from Tero Alhonen on Twitter.

Harjit Dhaliwal:
Oh, yeah.

Mary Jo Foley:
He wants to know what you think about the future of on-prem WSUS and you know, we’ve been mostly talking about cloud updates during this chat, but we’ve mentioned WSUS a couple of times and he says, he noticed that it hasn’t gotten any major updates and the latest policy gives users yet another option to use cloud services and not on-prem. So what do you, this is just your opinion, but what do you think is going to happen with on-prem WSUS?

Harjit Dhaliwal:
So, Tero makes a very good point. And this has been raised by many config manager admins and you know, who have this love and hate relationship with WSUS. And I would say more like hate than actually love, because you know, like Config Manager requires WSUS to be there. Right? It needs WSUS and that’s one of the required components. So you got no way around it. And then there are a lot of complexities to keeping it running, you know, like a well-oiled machine, right? You gotta do regular maintenance things to it. You have to, you know, clean up the database and do your indexing and tune IAS and so on and so forth. And there are times like where syncing will break or, you know, or you’ll have a bloat and things like that. And things don’t clear out, you’ll have to like sometimes uninstalle WSUS and re-install, so it is really a challenge, right?

Harjit Dhaliwal:
In my opinion, I think WSUS is going to be around for a little longer, or at least until it’s no longer a dependency for Config Manager, right?

Mary Jo Foley:
Yeah, right.

Harjit Dhaliwal:
So until we don’t get rid of that dependency, it’s going to be around. But you know, we’ve seen all these, like all these announcements from, you know, Microsoft and whatever, and we can see the direction that they’re moving, right? Which is cloud, right?

Mary Jo Foley:
Right.

Harjit Dhaliwal:
Cloud centric, ecosystems. That’s where things are moving, Windows Update for Business. You can see the writing on the wall. Because things are moving, right. So I think that’s what it is. And I think Windows Update for Business it’s going to have more and more and more features added to it over time. And then WSUS is just kinda gonna fizzle away. But at the same point, WSUS is actually also used by quite a few companies or organizations to patch like your servers, because standalone, not even using Config Manager, right. Standalone, because it’s free, it can do what it’s supposed to do, but it doesn’t have granular controls.

Mary Jo Foley:
Right, right.

Harjit Dhaliwal:
You know, so it’s still being used, you know, it’s like maybe some small organizations and stuff.

Mary Jo Foley:
Yeah. I know. I feel like it’s a similar discussion to Windows Server on-prem and Office on prem. There are people who use it, right. And so as long as there are customers, especially some important customers of Microsoft who want it, they’re going to keep it around.

Harjit Dhaliwal:
Yes, yes, absolutely.

Mary Jo Foley:
Okay. Another good Windows question from Tero and this one I think is pure speculation, but maybe, you know, an answer I don’t know here. And he’s he asked if we have heard anything about what Microsoft’s likely to do with Windows 1021H1, which isn’t out yet for the mainstream in terms of support. So usually the way Windows support has been working, Windows 10 support is 18 months of support for enterprises and education. Sorry, we have more sirens, for H1 feature updates and then 30 months of support for H2. But this year is different because the H1 update of Windows 10 is supposed to be very minor, almost like a cumulative update. And each shoe is supposed to be pretty big and substantial. So he’s wondering, do we think they could flip it this time and make it be 30 months for H1 and 18 for H2?

Harjit Dhaliwal:
No, I don’t think so. So no, I you know, 21H1, you know, it just came out. I think just a couple of days ago, a few days ago, as a commercial screen release, right. So it’s still under testing it’s still under windows Insiders and all that stuff, right? So when you look at it, like you mentioned earlier, 18 months and 30 months, the spring versions, which is the 21H1 is always 18 months. And then the fall ones are going to be the second one is always going to be the 30 months. I don’t know why they kept it different like that, which creates a lot of challenges with maintenance and, right. So and you also talked about like, you know, there’s not much difference. Yes, because 21H1 is really from my understanding, it uses the same code as 20H2 and 2004.

Harjit Dhaliwal:
Even the cumulative updates are the same.

Mary Jo Foley:
Right.

Harjit Dhaliwal:
And stuff like that. So it’s still under testing, if there was really a you know, an RTM version right now, then we can say something different, but it’s still under testing. We’re already in March. So by the time it’s going to come out, it’ll be May. We give another few months, there’ll be 21H2, which is going to have a ton of features. This 21H1’s going to morph into that. And then you have 30 months. And a lot of my peers that I talked to, who work in various organizations, and most of them, 90% of them will skip the spring version all the time. They don’t even deploy that. They don’t even give that as an option to their users. Because why you have the longer timeframe to have some breathing room, right?

Harjit Dhaliwal:
To figure out your applications, compatibility and all that stuff rather than yeah. Because by the time it comes out, and then you want to try to deploy it. You’re really going to lose a few months from that. So the 18 months, is not going to be 18 months, it might be 12 months maybe. Yeah. So I would say skip it, you know, but definitely use it as a test, you know, test it out, play with your, you know, your line of business applications and give Microsoft feedback about what you’re seeing and bug fixes and stuff like that. That’s what they want you to do. They want you to give them that information.

Mary Jo Foley:
So you think business as usual basically, right?

Harjit Dhaliwal:
Right, right, right.

Mary Jo Foley:
Cool. All right. Last question for you, because we’re pretty much out of time here, is about resources. So I’ve mentioned a couple of times Microsoft’s Windows IT Pro Blog, but I’m sure there are lots of other resources that you might recommend or suggest for people who want to keep up with what’s going on in Windows patching and servicing and updating, any off the top of your head suggestions here.

Harjit Dhaliwal:
So, there are lots out there. And I’ve got an RSS feed of a bunch of them.

Mary Jo Foley:
Oh wow, nice.

Harjit Dhaliwal:
But yeah, so I keep a very close pulse on patches, like every month, I’m like, you know, monitoring this stuff, you know, sometimes a week before it happens and the day before, the day it happens and so on. So what I’ve started doing to help the community is, I’ve started my own blogs every month, about each month’s patches.

Mary Jo Foley:
Nice.

Harjit Dhaliwal:
So, my blog site, it’s harjit.us. And you’ll see when I started in January, February, March, and then I put some updates to it, like, as I find like, oh yeah, you know, on such a day now there’s a new update for this, whatever. And I also cover third party patches as well. Like, you know, Oracle, Java, you know, things like that.

Harjit Dhaliwal:
Adobe. So it’s like a one-stop shop kind of a thing for people, and I have links. So that’s one site. And then obviously my Twitter, I’m very active on Twitter. And my friend, Anoop Nair from India. He’s a huge, because of Endpoint Manager guy. And we started a technical YouTube show called Namaste Techies, right.

Mary Jo Foley:
Oh, cool.

Harjit Dhaliwal:
You know, we’ll often tweet that out and all that stuff. So we started doing that stuff too. We started sharing there as well. So there’s lots of information. I think the best easiest is to follow my blog and then expand out from there because I provide all the other resources there.

Mary Jo Foley:
Great. I didn’t know about your blog. So that’s a new resource for me. I follow you on Twitter obviously, and if you don’t already follow Harjit, he’s @Hoorge, right?

Harjit Dhaliwal:
Yes, that’s right.

Mary Jo Foley:
So you should follow him.

Harjit Dhaliwal:
Thank you.

Mary Jo Foley:
All right, Harjit. Thank you so much for taking all the time and explaining all these posts, because there were a lot of them and I felt a little befuddled, I have to admit at the end. So now I feel better about understanding them.

Harjit Dhaliwal:
Yeah, no, and you know really thank you for having me again. I know I did this with you once before so it’s a lot of fun and it’s nice to just be, you know cordial and just talk about this stuff and hopefully like, you know your listeners will have something to, walk away from this chat that we had. And definitely reach out. And I encourage them, you know, to reach out to me. I’m not, you know, I’m not closing the doors, you know, reach out, contact me if you need some assistance or information and things like that and I’m happy to engage.

Mary Jo Foley:
That’s great, thank you very much for doing that. I use you that way myself sometimes when I need help on patches and thank you very much. For everyone else listening right now to this chat or reading the transcript, I will be putting up more information soon about who my next guest is going to be. And once you see that you can submit questions directly on Twitter using the #MJFChat. In the meantime, if you know of anyone else, or even yourself who might make a good guest for one of these chats, do not hesitate to drop me a note. Thank you very much.

Harjit Dhaliwal:
All right, great. Cheers, everybody.

  continue reading

20集单集

Artwork
icon分享
 

已归档的系列专辑 ("不活跃的收取点" status)

When? This feed was archived on September 27, 2021 03:10 (2+ y ago). Last successful fetch was on August 27, 2021 11:18 (2+ y ago)

Why? 不活跃的收取点 status. 我们的伺服器已尝试了一段时间,但仍然无法截取有效的播客收取点

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.

Manage episode 288758617 series 2607204
内容由BWW Media Group提供。所有播客内容(包括剧集、图形和播客描述)均由 BWW Media Group 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal

We’re doing a twice-monthly interview show on Petri.com that is dedicated to covering topics of interest to our tech-professional audience. We have branded this show “MJFChat.”

In my role as Petri’s Community Magnate, I will be interviewing a variety of IT-savvy technology folks. Some of these will be Petri contributors; some will be tech-company employees; some will be IT pros. We will be tackling various subject areas in the form of 30-minute audio interviews. I will be asking the questions, the bulk of which we’re hoping will come from you, our Petri.com community of readers.

Readers can submit questions via Twitter, Instagram, Facebook and/or LinkedIn using the #AskMJF hashtag. Once the interviews are completed, we will post the audio and associated transcript in the forums for readers to digest at their leisure. (By the way, did you know MJFChats are now available in podcast form? Go here for MJF Chat on Spotify; here for Apple Podcasts on iTunes; and here for Google Play.)

Our latest MJFChat is focused on the latest developments in the Windows updating, patching and servicing space. My special guest is Harjit Dhaliwal, a senior sysadmin, tech evangelist and Microsoft Most Valuable Professional (MVP). He and I talked about what’s new in Windows Update for Business, WSUS, patching and lots more in the course of this conversation.

If you know someone you’d like to see interviewed on the MJFChat show, including yourself, just Tweet to me or drop me a line. (Let me know why you think this person would be an awesome guest and what topics you’d like to see covered.) We’ll take things from there…

Mary Jo Foley:
Hi, you’re listening to Petri.com’s MJF Chat show. I am Mary Jo Foley, AKA your Petri.com community magnate. And I am here to interview tech industry experts about various topics that you, our readers and listeners want to know about. Today’s MJF Chat is going to be all about what’s happening lately in the Windows, updating and patching space. And my special guest today is Harjit Dhaliwal. Who many of you know, better as Hoorge on Twitter. Harjit is a senior sys-admin and a tech evangelist, and he’s also a Microsoft MVP. Hi, Harjit, thank you so much for doing the chat with me today.

Harjit Dhaliwal:
Hey MJ, thanks for having me on this chat today. This is going to be so much fun.

Mary Jo Foley:
I know I’m, I’m glad you’re doing this because we just had the virtual Ignite conference for IT Pros and I found out later that there was a bunch of Windows updating and patching and servicing news that wasn’t in the book of news. It was kind of a little bit under the radar. So I thought it’d be fun to have you go through some of the announcements so that we have a better perspective on them.

Harjit Dhaliwal:
Yeah, there were a bunch of announcements you know, particularly focused on modern device management and modern work, right. Because you know, the new norm now is working from home and that kind of thing. So, and I believe we are going to talk about a few of these announcements in this chat, right?

Mary Jo Foley:
Right. So one of the ones that caught my eye right off the bat, when I was looking through the list on the Windows IT Pro Blog was the fact that Windows Enterprise admins, soon they’re going to get full control over driver and firmware updates. And that’s a very different situation than what’s possible right now with Intune and Config Manager, right. So I wonder if you could go over that a bit, like what’s going to change and why you think this is important for IT Pros to understand.

Harjit Dhaliwal:
Yeah. So that is correct, right. I mean, the highlight of this is definitely IT admins will get more control over driver firmware updates, and I know we’re going to talk more in depth. You know, very soon, but this has been a pain point with managing devices. You know, we can do OSD and stuff like that, but drivers and firmware has been a major challengem for sure.

Mary Jo Foley:
Right. And it’s also very inconsistent, it seems like from what I have read, like Intune admins right now have some access to policies that can allow or deny all drivers on devices from Win updates. But then they can’t allow drivers only after administrative inspection. Sorry, I’m having trouble saying words here, but then Config Manager has a whole different thing, right. Admins there can’t sync drivers from Windows Update with WSUS. So it just feels like it’s kind of like a hodgepodge right now. And Microsoft seems to be trying to kind of bring some consistency over the driver and firmware updates situation through a Windows Update for Business, right?

Harjit Dhaliwal:
Yes. Windows Update for Business is the new hot stuff.

Mary Jo Foley:
Tell me more, about that?

Harjit Dhaliwal:
All right. So you know, first let me give a quick definition of what Windows Update for Business is, right. You know, which is also known as WUfB, sometimes you hear people say WUfB right, the acronym for it. And I’ll go back and forth with this so, and there has been some confusion of what it is and also some resistance from IT admins. You know, and I’ll explain that a little bit here. So Windows Update for Business is really a set of cloud controls to manage which updates are offered you know, from Windows Update, meaning from the cloud. So when we mentioned Windows Update, it means from the cloud, right. It’s connecting to the Microsoft cloud services and then IT Provides, hopefully IT Provides you know, positive end user update experiences.

Harjit Dhaliwal:
You know, the Windows Update for Business settings can be configured with group policies or MDMs, like you know, such as Intune, right? So Intune is also growing fast. So regarding driver and firmware updates, you know, they traditionally have been a major pain point and a huge challenge for IT admins, particularly to implement and deploy. Oftentimes, this is, you know, we tend to neglect and forget it once we have deployed a device or a user. For example, you know, you get a brand new machine or something like that, you image it, you put whatever the latest Windows 10 version is. You know, you patch it up and everything like that, you give it to the user and it’s kind of forgotten, right. So you only deal with it on a one-on-one basis, maybe three years down the road from this particular device, or this user for something that’s not working? Right, it’s a one-off thing. And you’re like, Oh, okay, you’ve got this issue. Okay, you need firmware, you need to update your BIO. So, you know, UEFI, or you know, there’s some drivers from Dell or HP that we need to add on and stuff like that. Sometimes we’re doing this stuff for like mitigating security risks. Right, you know, so this is, there’s this new mechanism that, you know, Microsoft’s providing, it’s actually a really neat thing. It’s good, in my opinion.

Mary Jo Foley:
Yeah, I think there’s a private preview of this new capability this month. I don’t know if they actually said when the final would be rolling out to other people. But yeah, it does, it sounds at least on paper and on the web, like it’s going to be a big deal for IT Pros.

Harjit Dhaliwal:
Yeah, it is. It is. And the neat thing about this is that what it is, it’s going to leverage all the cloud services.

Mary Jo Foley:
Right.

Harjit Dhaliwal:
So, you know, Microsoft Endpoint Manager, which is, you know, the Intune side of things and right. So that is where this stuff is going to come down from. So when you’re doing your traditional Config Manager, which uses WSUS, you can’t do any of this stuff. You can’t you know, manage drivers and firmware, but what some people have been doing is, like I said, like a one-off basis, like either they are doing it during imaging timeframes, like, okay, now we update our OSD and we’ve got all the latest BIOS and we’ve got the latest, you know, whatever updates we need. Or you have to use third party tools that some, you know, MVPs have created this really awesome third party tools to check on your fleet of devices. Whether you have HP, Lenovo, Dell, whatever, and then it lets, it goes out to the manufacturers, get those you know drivers, puts it in, it integrates with Config Manager, and then you can do it that way.

Harjit Dhaliwal:
It’s so tedious, right. Cause you have to implement this, another thing over something that should already have this capability.

Mary Jo Foley:
Exactly.

Harjit Dhaliwal:
Right?

Mary Jo Foley:
This hits home for me a lot, because it’s not exactly the same situation, but I have a Surface Laptop 3. Recently I had a big problem with it. Like, I couldn’t see anything on the display. So somebody who was helping me at a computer shop, I saw what he was doing. He was like looking for all the separate drivers that weren’t part of Microsoft’s drivers and then installing like the Intel drivers and this and that, you know, like layering it on. And then the drivers were conflicting with what Microsoft was downloading onto the machine, right? So it would say on it, like, which of these two drivers is the most up-to-date driver? And I’m like, oh man, this is such a nightmare.

Harjit Dhaliwal:
Right, right. And you know, so one of the things why I’m really excited about this is because, and I think it’s going to be good for all of us, who manage devices, is it comes down to security. One of the things it’s about, it’s not just about functionality and you know, all that stuff, which is really neat, but it also comes down to security mitigation. Because, you know over the last, I don’t know, just a few years, and even very recently, some of the major security threats have involved, you know, you need to patch the firmware, like the Intel, you know, processes and right. So you just, you just can’t patch Windows, but you got to patch the hardware as well. And that has been such a challenge, like, how do you do this?

Mary Jo Foley:
Yeah. Well, hopefully this new service is going to help a little towards this goal, making it a little simpler. Right?

Harjit Dhaliwal:
Right. But for the consumers, like if you’re a regular consumer or even like you know, a general user that, they did built in the capability of installing drivers with Windows Update. So when you go to Windows Update, and I think it’s under optional updates or something like that. But you know,

Mary Jo Foley:
No one ever checks for that.

Harjit Dhaliwal:
No one checks there, right. One, they don’t know that they need to check that. Two, like do I really need this?

Mary Jo Foley:
I know, I know. I’m always looking at things there going, should I install this, or shouldn’t I? Right. I know. I know. Okay. So let’s, let’s move on to another announcement, which I thought could be potentially interesting for IT Pros. So there was a blog post about something they called, a new Windows Update for Business Deployment Service. And in that blog post, they said, this is, quote, “an exciting next step in the evolution of Windows as a Service.” And from what I could tell, it was supposed to extend management services to any devices connecting through Windows Updates. So people, so admins could do things like schedule update deployments to start on a specific date or bypass a pre-configured policy. So this sounds like it could be really big, right? Like if you give IT Pros much more granular control, right.

Harjit Dhaliwal:
It is. And that’s exactly what I was going to say, right. This is definitely a new cloud service and an extension of Windows Update for Business. So in its infancy, right. When Windows Update for Business came out, it was very much consumer driven, right? So just like you would or, you know, your mom and dad, you know, trying to install updates on the computer, right. It was almost like that, but it was made for businesses and enterprises and they were like, wait, but all I’m trying to do here, if I enable Windows Update for Business, I’m just telling my devices to go out to Windows Updates whenever they are available, install and reboot. So enterprises were very reluctant. This is why I was saying earlier, when we started this chat, there was some resistance, it’s because there was no granular control. You’re like, no, I want to make sure that I can, I’m only delivering these updates on these dates and I’m controlling reboots. So this new service is going to allow you to do all of that.

Harjit Dhaliwal:
Right. So, you know, some of the things that you’re going to get out of this new service, you already patched upon it. Like you can schedule updates to happen on a specific date. You can stage deployments and they have this thing, something new called rich expressions. It’s almost like, you know, if this, then that kind of a situation, right. So where you can deploy a particular Windows 10 feature update to let’s say x number of devices each day starting on such and such day. Right, so you can do those kinds of things. You can override existing Windows update policies to push out like emergency you know, patches. And we can talk more about that later. You know, you can, there’s so many things, there’s some machine learning stuff that’s built in. They’ll identify and pause deployments. And you know, that Microsoft determines from all the data that they get and also the validations that they get from customers and also internally from Microsoft itself. But this validation, or this thing, what they call is a save that hole, but save that hole doesn’t work or doesn’t apply if you are using WSUS. Meaning, you have to use Windows Update, which is the cloud-based mechanism to update. And then you have these protections in place.

Mary Jo Foley:
Got it. It is a multi-layered can of worms to mix.

Mary Jo Foley:
Okay, here’s another one that I definitely need help understanding. There was some announcements around Known Issue Rollback, right.

Harjit Dhaliwal:
Oh yeah.

Mary Jo Foley:
So now, here’s what I was puzzled about, Known Issue Rollback exists at least to some degree. Right? So what is actually new that they’re announcing at Ignite? Can you give me a brief recap about this?

Harjit Dhaliwal:
So Known Issue Rollback or also known as KIR, that’s an acronym they’re using. Again, it’s a new capability. Well, it’s not really a new capability, right? It’s to quickly return you to a working condition. Right?

Mary Jo Foley:
Right.

Harjit Dhaliwal:
So they did have this already implemented but very partially in, I believe in 1809 and 1909, if I’m not mistaken, but now it is like more in 2004 and 20H2 versions and the future ones. So what it really is, is that apparently Microsoft you know, the developers, when they code, they, you know, they’ll add these non-security bug fixes in the code, but they also keep, you know, the old code you know, intact. Like they probably like just comment it out or something like that.

Harjit Dhaliwal:
So when a problem exists or what they call regressions and they need to revert, they go back to this code. They basically, you know unremark the old code and block out the new one. So you kind of go back to the older one, back to where you first started until they figure out what’s going on and come up with a new patch. So what this is, is that you know, you can look at for example, an analogy I’ll use is like a carton of eggs, right? So we know now patches are deployed as a CU, LCU right? The latest computer update. But to the layman, it looks like it’s just one update, but it actually, it’s not, it’s like multiple fixes in that one update. So like a carton of eggs, right? You’ve got 12 eggs in a carton and you’ve got one egg that’s gone bad, but you’re not going to throw out the entire, the other 11 eggs. So you’re going to take the one bad egg out, do something like either replace it or not. That’s basically what this whole Known Issue Rollback kind of mindset works. Does that make sense?

Mary Jo Foley:
It does. It does. It reminds me of something that’s ongoing as we’re recording this chat, which is the whole printing issue that happened. The latest, I think it was the latest set of Patch Tuesday updates they had.

Harjit Dhaliwal:
The March ones, yes.

Mary Jo Foley:
Right. They had a problem with a number of printers and Windows 10. So they had to fix that printing issue. But I think they’re up to their third attempt at this, right? So is this an occasion where the Known Issue Rollback would kind of come into play?

Harjit Dhaliwal:
So this is very, very interesting question. So this is, my take is that this should be a KIR thing, but according to Microsoft, the people who are delivering the patches, they’re saying, it’s not, it doesn’t apply to this particular situation. So there is a blog post on Tech Community by the folks who manage patches at Microsoft. And I’m a little confused because there’s a little short video where they do describe a similar issue with printing you know, printing gone bad in April 2020, right last year. And apparently KIR came into effect and solved and stopped and mitigated those bad patches. But apparently it doesn’t apply right now. So I’m a little confused. I’m not sure why, I’m thinking this would be the perfect case for this. So the other thing that is really interesting about this KIR thing is that they are also saying that they provide group policies for the specific use cases.

Harjit Dhaliwal:
Like, so each, let’s say, let’s take this printing thing, for example. So they’ve discovered it. They said they’re going to roll back, whatever. So if you’re an on-prem admin and you’re using WSUS and stuff, obviously you’re not going to be able to use KIR, right? Cause it’s all cloud based. So what they’re doing is that they’re giving you group policies for this one particular KB, Windows Update KB, right? And which they will put in the release notes and, you know, whatever. But so with that, what you can do is that once you add that to your group policy, you can deploy it. And next thing you know, everybody’s fixed, but here’s what happens though. Each of those KBs are individualized. So over time, let’s say in a year, if you do this twice a month or something like that, right? You’re going to start seeing a bloat of group policies in your group policy management console. And the way sys-admins work is like, once we set a group policy, we really kind of don’t look back like, Oh yeah, there was a problem with this particular thing. Here’s a group policy and boom, we set it. And then, you know, maybe five years down the road or something, someone new comes in or whatever, and says, Hey, what is this for? I don’t know, right?

Mary Jo Foley:
It’s just sitting there, yeah.

Harjit Dhaliwal:
That’s one of the concerns that they need to fix that, they can’t have these group policies just bloating the environment.

Mary Jo Foley:
Yeah, yeah, got it. I know, like I said, many, many layers of issues on all of these pieces, right?

Harjit Dhaliwal:
So many.

Mary Jo Foley:
Okay. We have to talk about security, right? Because what is a chat without talking about security?

Harjit Dhaliwal:
Well, they work hand in hand though.

Mary Jo Foley:
They do, they do. So another one of the Ignite announcements was about how Microsoft is trying to expedite Windows 10 Security Updates within the Endpoint Manager Admin Center. So I believe that’s also coming soon as a public preview. What’s this going to mean to admins in your opinion?

Harjit Dhaliwal:
So again, this is going to be utilizing Windows Update for Business, right? So Windows Update the cloud-based.

Mary Jo Foley:
Right.

Harjit Dhaliwal:
So right now, when a emergency patch comes out, for example, there were some this month and, you know, some in the previous months, because of some major security blow out. Oftentimes these out-of-band patches, they’re not available in WSUS. You know, they’re not dealt with that way. So you literally have to go and import it, like go into the catalog, import it, add it, sync it and so on and so forth and then deliver it. So this expediting thing is, what it does is that you can have your existing Windows Update for Business settings or profiles, right. With your different you know, targeting like, you know, some people, when they deliver patches, they deliver to their insider group first, like maybe five devices or five users.

Harjit Dhaliwal:
And then they’ll expand it, after two days they’ll expand that to you know, the first wave and then the second wave and so on. What this does is that this doesn’t change that, but it will push that emergency patch above all else. And lets you install that first, pausing everything else. Once, it’s emergency patches is installed and it’s successful, then it really enables those other policies that you have with Windows Update for Business. So it’s a quick way to remediate things. Right?

Mary Jo Foley:
Okay, yep.

Harjit Dhaliwal:
So,otherwise you have to restructure your whole patching methodology, right? You go like, wait, I’ve got this one, but it’s not, but I’m also delivering the other patches and this is not going to work. So yeah. It’s like pausing things and let’s get this in first. And then, you know, here’s another analogy I just thought about. So it’s like a VIP, right? Who’s got a police escort, right?

Mary Jo Foley:
Right, cause you can hear the sirens in the background.

Harjit Dhaliwal:
Right, there you go. So you’ve got a police escort. So instead of waiting in traffic, you just have other cars move to the side and let the VIP go through. And then after that the rest of the traffic goes through, it’s kind of simple.

Mary Jo Foley:
Yeah. It’s all about prioritization, right?

Harjit Dhaliwal:
Exactly.

Mary Jo Foley:
Which is an issue. Yeah, for sure. Okay. Now we’re getting to the fun part. We got a couple of reader questions here for you. And I like this one a lot from Tero Alhonen on Twitter.

Harjit Dhaliwal:
Oh, yeah.

Mary Jo Foley:
He wants to know what you think about the future of on-prem WSUS and you know, we’ve been mostly talking about cloud updates during this chat, but we’ve mentioned WSUS a couple of times and he says, he noticed that it hasn’t gotten any major updates and the latest policy gives users yet another option to use cloud services and not on-prem. So what do you, this is just your opinion, but what do you think is going to happen with on-prem WSUS?

Harjit Dhaliwal:
So, Tero makes a very good point. And this has been raised by many config manager admins and you know, who have this love and hate relationship with WSUS. And I would say more like hate than actually love, because you know, like Config Manager requires WSUS to be there. Right? It needs WSUS and that’s one of the required components. So you got no way around it. And then there are a lot of complexities to keeping it running, you know, like a well-oiled machine, right? You gotta do regular maintenance things to it. You have to, you know, clean up the database and do your indexing and tune IAS and so on and so forth. And there are times like where syncing will break or, you know, or you’ll have a bloat and things like that. And things don’t clear out, you’ll have to like sometimes uninstalle WSUS and re-install, so it is really a challenge, right?

Harjit Dhaliwal:
In my opinion, I think WSUS is going to be around for a little longer, or at least until it’s no longer a dependency for Config Manager, right?

Mary Jo Foley:
Yeah, right.

Harjit Dhaliwal:
So until we don’t get rid of that dependency, it’s going to be around. But you know, we’ve seen all these, like all these announcements from, you know, Microsoft and whatever, and we can see the direction that they’re moving, right? Which is cloud, right?

Mary Jo Foley:
Right.

Harjit Dhaliwal:
Cloud centric, ecosystems. That’s where things are moving, Windows Update for Business. You can see the writing on the wall. Because things are moving, right. So I think that’s what it is. And I think Windows Update for Business it’s going to have more and more and more features added to it over time. And then WSUS is just kinda gonna fizzle away. But at the same point, WSUS is actually also used by quite a few companies or organizations to patch like your servers, because standalone, not even using Config Manager, right. Standalone, because it’s free, it can do what it’s supposed to do, but it doesn’t have granular controls.

Mary Jo Foley:
Right, right.

Harjit Dhaliwal:
You know, so it’s still being used, you know, it’s like maybe some small organizations and stuff.

Mary Jo Foley:
Yeah. I know. I feel like it’s a similar discussion to Windows Server on-prem and Office on prem. There are people who use it, right. And so as long as there are customers, especially some important customers of Microsoft who want it, they’re going to keep it around.

Harjit Dhaliwal:
Yes, yes, absolutely.

Mary Jo Foley:
Okay. Another good Windows question from Tero and this one I think is pure speculation, but maybe, you know, an answer I don’t know here. And he’s he asked if we have heard anything about what Microsoft’s likely to do with Windows 1021H1, which isn’t out yet for the mainstream in terms of support. So usually the way Windows support has been working, Windows 10 support is 18 months of support for enterprises and education. Sorry, we have more sirens, for H1 feature updates and then 30 months of support for H2. But this year is different because the H1 update of Windows 10 is supposed to be very minor, almost like a cumulative update. And each shoe is supposed to be pretty big and substantial. So he’s wondering, do we think they could flip it this time and make it be 30 months for H1 and 18 for H2?

Harjit Dhaliwal:
No, I don’t think so. So no, I you know, 21H1, you know, it just came out. I think just a couple of days ago, a few days ago, as a commercial screen release, right. So it’s still under testing it’s still under windows Insiders and all that stuff, right? So when you look at it, like you mentioned earlier, 18 months and 30 months, the spring versions, which is the 21H1 is always 18 months. And then the fall ones are going to be the second one is always going to be the 30 months. I don’t know why they kept it different like that, which creates a lot of challenges with maintenance and, right. So and you also talked about like, you know, there’s not much difference. Yes, because 21H1 is really from my understanding, it uses the same code as 20H2 and 2004.

Harjit Dhaliwal:
Even the cumulative updates are the same.

Mary Jo Foley:
Right.

Harjit Dhaliwal:
And stuff like that. So it’s still under testing, if there was really a you know, an RTM version right now, then we can say something different, but it’s still under testing. We’re already in March. So by the time it’s going to come out, it’ll be May. We give another few months, there’ll be 21H2, which is going to have a ton of features. This 21H1’s going to morph into that. And then you have 30 months. And a lot of my peers that I talked to, who work in various organizations, and most of them, 90% of them will skip the spring version all the time. They don’t even deploy that. They don’t even give that as an option to their users. Because why you have the longer timeframe to have some breathing room, right?

Harjit Dhaliwal:
To figure out your applications, compatibility and all that stuff rather than yeah. Because by the time it comes out, and then you want to try to deploy it. You’re really going to lose a few months from that. So the 18 months, is not going to be 18 months, it might be 12 months maybe. Yeah. So I would say skip it, you know, but definitely use it as a test, you know, test it out, play with your, you know, your line of business applications and give Microsoft feedback about what you’re seeing and bug fixes and stuff like that. That’s what they want you to do. They want you to give them that information.

Mary Jo Foley:
So you think business as usual basically, right?

Harjit Dhaliwal:
Right, right, right.

Mary Jo Foley:
Cool. All right. Last question for you, because we’re pretty much out of time here, is about resources. So I’ve mentioned a couple of times Microsoft’s Windows IT Pro Blog, but I’m sure there are lots of other resources that you might recommend or suggest for people who want to keep up with what’s going on in Windows patching and servicing and updating, any off the top of your head suggestions here.

Harjit Dhaliwal:
So, there are lots out there. And I’ve got an RSS feed of a bunch of them.

Mary Jo Foley:
Oh wow, nice.

Harjit Dhaliwal:
But yeah, so I keep a very close pulse on patches, like every month, I’m like, you know, monitoring this stuff, you know, sometimes a week before it happens and the day before, the day it happens and so on. So what I’ve started doing to help the community is, I’ve started my own blogs every month, about each month’s patches.

Mary Jo Foley:
Nice.

Harjit Dhaliwal:
So, my blog site, it’s harjit.us. And you’ll see when I started in January, February, March, and then I put some updates to it, like, as I find like, oh yeah, you know, on such a day now there’s a new update for this, whatever. And I also cover third party patches as well. Like, you know, Oracle, Java, you know, things like that.

Harjit Dhaliwal:
Adobe. So it’s like a one-stop shop kind of a thing for people, and I have links. So that’s one site. And then obviously my Twitter, I’m very active on Twitter. And my friend, Anoop Nair from India. He’s a huge, because of Endpoint Manager guy. And we started a technical YouTube show called Namaste Techies, right.

Mary Jo Foley:
Oh, cool.

Harjit Dhaliwal:
You know, we’ll often tweet that out and all that stuff. So we started doing that stuff too. We started sharing there as well. So there’s lots of information. I think the best easiest is to follow my blog and then expand out from there because I provide all the other resources there.

Mary Jo Foley:
Great. I didn’t know about your blog. So that’s a new resource for me. I follow you on Twitter obviously, and if you don’t already follow Harjit, he’s @Hoorge, right?

Harjit Dhaliwal:
Yes, that’s right.

Mary Jo Foley:
So you should follow him.

Harjit Dhaliwal:
Thank you.

Mary Jo Foley:
All right, Harjit. Thank you so much for taking all the time and explaining all these posts, because there were a lot of them and I felt a little befuddled, I have to admit at the end. So now I feel better about understanding them.

Harjit Dhaliwal:
Yeah, no, and you know really thank you for having me again. I know I did this with you once before so it’s a lot of fun and it’s nice to just be, you know cordial and just talk about this stuff and hopefully like, you know your listeners will have something to, walk away from this chat that we had. And definitely reach out. And I encourage them, you know, to reach out to me. I’m not, you know, I’m not closing the doors, you know, reach out, contact me if you need some assistance or information and things like that and I’m happy to engage.

Mary Jo Foley:
That’s great, thank you very much for doing that. I use you that way myself sometimes when I need help on patches and thank you very much. For everyone else listening right now to this chat or reading the transcript, I will be putting up more information soon about who my next guest is going to be. And once you see that you can submit questions directly on Twitter using the #MJFChat. In the meantime, if you know of anyone else, or even yourself who might make a good guest for one of these chats, do not hesitate to drop me a note. Thank you very much.

Harjit Dhaliwal:
All right, great. Cheers, everybody.

  continue reading

20集单集

所有剧集

×
 
Loading …

欢迎使用Player FM

Player FM正在网上搜索高质量的播客,以便您现在享受。它是最好的播客应用程序,适用于安卓、iPhone和网络。注册以跨设备同步订阅。

 

快速参考指南