Windows Update for Business Group Policy Changes for Windows 10 1607

If you have deployed Windows 10 to your organisation then you might be familiar with the new Group Policy setting that allowed you to defer the upgrade of Windows 10. These policy setting also know as “Windows Update for Business” allows you to delay by up to 8 months the OS upgrade that Microsoft delivers to you via Windows Update (see below).

DeferUpgradesandUpdateGPEdit

DeferUpgradesandUpdate

However, with the release of Windows 10 1607 the Group Policy setting “Defer Upgrade and Updates” has been completely removed and replaced by new policy settings under “Windows Update>Defer Windows Updates” (see below).

DeferUpgradesandUpdateGPEdit1

The two new policy settings called “Select when Feature Update are received” and “Select when Quality Update are received” (see below).

SelectWhenFeatureUpdateAreReceived SelectWhenQualityUpdatesAreReceived

NOTE: Some times when Microsoft release a new OS they might rename the GPO setting but still keep the underlying Registry Key the same. This means that the name of the policy setting has changed but the actually setting is preserved when upgrading. But this is *NOT* the case. Therefore, you might want to go back to your ADMX Group Policy Central store de-configure the “Defer Upgrades and Update” GPO setting before upgrade the policy files.

Alternatively, you could just leave the policy setting configured and do the ADMX upgrade and just live with the “Extra Registry Settings” message in GPMC (See below).

Note: This policy will still apply with the “Extra Registry Settings” will still apply to the Windows 10 1511 build.

Windows Update Extra Registry Keys

Then at a later stage once all your Windows 10 1511 computer have upgrade to 1607 you can either quickly swap the “WindowsUpdate.admx” and “WindowsUpdate.adml” in the central store and then just de-configure the policy setting to clear the above “Extra Registry Settings” message from the policy.

Windows 10 1607 Group Policy Spreadsheet

Micorosft has continued their rapid pace of releaseing new version of Windows 10 and has now released a the 1607 Anniversary update. As with any new major release of Windows there is of course an updated and new Group Policy settings. Therefore the Group Policy team have now released an update Group Policy setting spreadsheet that is an excellent reference to find all the new settings.

If you are not familiar with this spreadsheet(s) they are a reference sheet done by the Group Policy team taken from the ADMX files of each of the OS releases. This makes it very easy to find details about each GPO including what registry keys are set based on the policy setting.

In case you are not sure the “Windows10andWindowsServer2016PolicySettings.xlsx” is the version for 1607.

Settings

Security Compliance Manager 4.0 now available for download!

The Security Compliance Manager (SCM) is a free tool from Microsoft that enables you to quickly configure, and manage the computers in your environment using Group Policy and Microsoft System Center Configuration Manager. This version of SCM supports Windows 10, and Windows Server 2016.

You can easily configure computers running Windows 10 and Windows Server 2016 based on Microsoft Recommended Security Baselines and industry best practices.

You can download SCM 4.0 here.

Updates include:

  • Support for existing Windows 10 version 1507, and Windows 10 version 1511 security baselines
  • Support for upcoming Windows 10 version 1607, and Windows Server 2016
  • Bug fixes for ‘Compare’ and ‘Simple View’ features in SCM

The latest version of SCM offers all the same great features as before, plus bug fixes, and added support for upcoming baselines. SCM 4.0 provides a single location for creating, managing, analyzing, and customizing baselines to secure your environment quicker and more efficiently. In addition to the latest software releases, you can also configure previous additions of Windows client, Server, and Microsoft Office.

SCM provides DCM 2007 configuration packs that allow you to manage configuration drifts using Microsoft System Center Configuration Manager. Microsoft’s Operations Management Suite also supports monitoring for Security Baselines in your Server environments.

from Microsoft Solution Accelerators Security & Compliance http://ift.tt/2aASzxE
via IFTTT

The post Security Compliance Manager 4.0 now available for download! appeared first on Group Policy Central. by Alan Burchill

from Group Policy Center http://ift.tt/2aAPTAw
via IFTTT

Security Compliance Manager 4.0 now available for download!

The Security Compliance Manager (SCM) is a free tool from Microsoft that enables you to quickly configure, and manage the computers in your environment using Group Policy and Microsoft System Center Configuration Manager. This version of SCM supports Windows 10, and Windows Server 2016.

You can easily configure computers running Windows 10 and Windows Server 2016 based on Microsoft Recommended Security Baselines and industry best practices.

You can download SCM 4.0 here.

Updates include:

  • Support for existing Windows 10 version 1507, and Windows 10 version 1511 security baselines
  • Support for upcoming Windows 10 version 1607, and Windows Server 2016
  • Bug fixes for ‘Compare’ and ‘Simple View’ features in SCM

The latest version of SCM offers all the same great features as before, plus bug fixes, and added support for upcoming baselines. SCM 4.0 provides a single location for creating, managing, analyzing, and customizing baselines to secure your environment quicker and more efficiently. In addition to the latest software releases, you can also configure previous additions of Windows client, Server, and Microsoft Office.

SCM provides DCM 2007 configuration packs that allow you to manage configuration drifts using Microsoft System Center Configuration Manager. Microsoft’s Operations Management Suite also supports monitoring for Security Baselines in your Server environments.

from Microsoft Solution Accelerators Security & Compliance http://ift.tt/2aASzxE
via IFTTT