Any way to keep Windows at a specific version?

Discussion in 'Operating Systems' started by burritoincognito, Jan 12, 2018.

  1. burritoincognito

    burritoincognito Gawd

    Messages:
    705
    Joined:
    Sep 17, 2012
    I have a couple virtual machines that work properly in 1703, but fail in 1709. Microsoft hasn't seemed to put out a fix for it yet. If RemoteFX is enabled, when people disconnect from RDP and try to reconnect, it builds new sessions rather than reconnecting to old ones, orphaning in-progress work. If RemoteFX isn't enabled, it works, but you lose out on GPU acceleration.

    Not really acceptable when doing renders and computations.

    I'm managing updates via WSUS, and before I just go drill down and create a new group for just those 3 virtual machines out of 1500+ systems, is there a way to make Windows permanently stick to 1703 until updates are no longer visible? I know I can defer for 6 months, but I honestly don't know that MS will have a fix in 6 months, and unless we decide to spend $12,000 to buy new physical machines, I don't know when we can move to something else. I'd prefer we pick up a new system and go a GPU passthrough w/ VMware route, but while it takes less rack space, it does make things more complicated than just tossing PCs on a shelf to just chug there and get RDP'd into.

    Something that I could set in Group Policy would be great, so I don't have to choose which AD group I want to put it in ("Do I want mapped drives and other things engineers use to be easy, or do I want to treat it like a server, where it doesn't get unnecessary crap that isn't applicable to an RDP session user?"), or always have 2 updates set at 44/45 for installation. This 1709 rollout has been problematic with it breaking Outlook MAPI, and at this rate, by the time I've rolled it out to everyone properly, it'll be time for 1803.
     
  2. bigdogchris

    bigdogchris Wii was a Novelty

    Messages:
    16,986
    Joined:
    Feb 19, 2008
    The new versions are considered "Feature Updates". If you are not downloading them then they should never get distributed via WSUS. There's no need to create a new OU or policy for that, just don't download Feature Updates.
     
  3. burritoincognito

    burritoincognito Gawd

    Messages:
    705
    Joined:
    Sep 17, 2012
    But, I do want to push those updates to MOST machines. I'm purposefully downloading them for distribution, it's that I just have to stick with 99.998% instead of 100% intended upgrades. I have been using WSUS to successfully push out updates to 1607, 1703, and 1709 to all the other computers.
     
  4. bigdogchris

    bigdogchris Wii was a Novelty

    Messages:
    16,986
    Joined:
    Feb 19, 2008
    There is no built in way to keep a specific version off Semi-Annual Channel other than just disabling Windows Updates altogether. We've struggled to get Microsoft to even allow us to delay feature updates. At least now we can delay them.

    You're only choice is to delay the update, create a new WSUS group and use client side targeting to put the computers in question into that group and not push the feature updates to it, or switch to LTSB 2015 or 2016.
     
    Last edited: Jan 12, 2018
  5. burritoincognito

    burritoincognito Gawd

    Messages:
    705
    Joined:
    Sep 17, 2012
    I'm not sure how our volume licensing stuff handles the LTSC. If we had Enterprise, I think it'd be easier.
     
  6. bigdogchris

    bigdogchris Wii was a Novelty

    Messages:
    16,986
    Joined:
    Feb 19, 2008
    If you only have a handful of computers, just buy Enterprise licensing for them and get Software Assurance. That will grant you a LTSB license and will let you stay on the version as long as you want without none of the other stuff.

    Just talk to someone at CDW (or any other legit reseller) and their licensing specialist will help you out.
     
  7. thenjduke

    thenjduke Limp Gawd

    Messages:
    339
    Joined:
    Jul 24, 2007
    Enterprise license will do this for you. There is no upgrade path unless you manually do it. This is what we are currently doing in our Windows 10 VDI Deployment. We are going with I believe 1607 LTSB