Windows 10 1903: The most significant new features for professional users

• Author
• Recent Posts

Wolfgang Sommergut

Wolfgang Sommergut has over 20 years of experience in IT journalism. He has also worked as a system administrator and as a tech consultant. Today he runs the German publication WindowsPro.de.

Latest posts by Wolfgang Sommergut (see all)

• Join Windows 11 to an Active Directory domain - Thu, Jun 1 2023
• Change Windows network profiles between public and private - Wed, May 24 2023
• How to map a network drive with PowerShell - Wed, May 17 2023

Windows 10 1903 seems to be the first release within Microsoft's once-again redesigned development cycle. One sign for this change is the so-called skip-ahead ring of the Insider Program.

So far, this gives users access to previews of the next upgrade even before the release of the current version. At this time, it would be Windows 10 1909, but Microsoft is already delivering previews for Windows 10 20H1 in this ring.

The skip ahead ring already delivers previews for Windows 10 20H1

The official explanation for this approach is that version 20H1 receives features that require a longer development time. However, there is some evidence that after the quality issues in Windows 10 1809, Microsoft would like to reduce the update pressure by delivering only one release a year that has major changes.

Autumn updates for corporate customers

This will be the role of the spring update, and the following fall release will serve primarily for quality assurance. Accordingly, it makes sense for companies always to wait for the second update of the year because it essentially acts like a service pack.

A second indicator for a new development cycle with a major and a minor release per year is the recent change in Microsoft's support policy. Since version 1809, users of the Enterprise Edition receive 30 months of support for the autumn update, whereas in spring they only get 18 months.

Changes to the update process

Version 1903 also changes the actual update process. For Windows Update for Business, the semi-annual channel targeted (SAC-T) is no longer available, so that each release appears immediately in the semi-annual channel (SAC). As a result, users cannot postpone feature updates by choosing SAC.

It is no longer possible to postpone feature updates by selecting SAC in Group Policy

A new option in the settings app can postpone the installation of quality and feature updates independently. This does not play a role in managed environments because the admin sets the time for installing updates via WSUS or SCCM.

More flexible restart

More interesting are two new features that help control restarting the computer during updates. The first feature is more flexible active hours, which the system automatically determines based on the user's habits.

Windows 10 1903 can adjust active hours based on the user's habits

The other feature is a new Group Policy Object (GPO) setting that forces a reboot after a certain period even outside the active hours and regardless of whether a user is logged on or not.

Recovery after failed updates

Microsoft improves the installation of updates by a so-called auto-rollback system. This ensures the system automatically resets itself to the previous state if an update fails.

This mechanism applies to both monthly cumulative updates as well as the installation of new drivers.

Reserving disk space for updates

A fresh install of Windows 10 1903 reserves approximately 7 GB of disk space for updates, apps, system cache, and temporary files, but it does not create a separate partition for it. The size of this storage also depends on the number of optional features and languages installed. The actual value is in the settings app.

The settings app displays the reserved disk space

Microsoft wants to ensure that system operations such as installing updates do not fail due to a lack of disk space. This reduces the capacity available to the user. On low-performance office PCs with small SSDs, the increased hardware requirements could be a problem.

Sandbox

The most important new feature is the Windows Sandbox. It is a contained environment from which no access to the host system is possible. In the Sandbox, IT professionals can perform tasks they should not do directly on an admin workstation, such as browsing the web.

Technically, it is a preconfigured lightweight virtual machine that does not require an explicit Hyper-V installation. It shares OS binaries with the host, so no separate patching is required.

The Sandbox starts each time with a pristine Windows 10

The Sandbox discards all data and applications it contains upon exit. To save user files, you can create your own transfer directories and copy the data there before closing the Sandbox. When needed, you can install applications automatically with the help of a startup script. For both cases, you have to provide a configuration file.

Web browser

Windows 10 1903 will not deliver any substantial innovations yet to the integrated Web browser. Edge in its current form is a phase-out model, and the transition from Microsoft's own rendering engine to Chromium is on the way.

Preliminary versions of Edge Chromium appear in three channels

The Chromium-based Edge recently appeared as a public preview and still lacks many functions for use in organizations. These include the support for group policies. However, a first official release could find its way into Windows 10 1909.

Application Guard for Chrome und Firefox

Edge is still the only browser that Microsoft supports with Application Guard. It is a similar feature to the Sandbox but is limited to the shielded use of a web browser.

Chrome extension for Windows Defender Application Guard

Microsoft recently released extensions for Chrome and Firefox. They pass URLs for external websites specified by the admin to Edge in the Sandbox, while internal pages, for example, continue to display in the default browser.

Group policies

As with every Windows 10 release, 1903 will add additional settings for group policies. These essentially do not apply to new features but only to existing ones.

Control of Storage Sense is now possible via GPO

You can now control Storage Sense centrally via GPOs. In addition, there is the abovementioned option for forcing a restart to install updates plus a setting to deactivate security questions in the event that users have forgotten their passwords.

Security baseline without password expiration

The security baseline is a collection of GPO settings Microsoft recommends to secure Windows servers and workstations. By using the Group Policy Analyzer, you can compare them with a backup of the policies currently in use. You can also import them when needed via Group Policy Management to secure the systems.

Currently, the baseline is still available as a preview, but it has already brought about controversial discussions. The reason for this is the removal of the password expiration policy, which forces users to change passwords regularly.

According to Microsoft, the disadvantages associated with the regular change of passwords (slightly modified variants of the same password, forgetting the new password and calling the helpdesk) outweigh the additional security.

Instead, companies should rely on multi-factor authentication or exclude trivial passwords using blacklists.

Of course, banning the expiration date for passwords from the baseline does not mean that the respective settings will disappear from group policies. Rather, it is just an update of the best practices.

User interface

A whole series of changes is obvious when you first log on to the system. This includes a slimmer Start menu, from which they've removed many of the preinstalled apps. Users can now also uninstall some of these apps, such as the 3D Viewer, Calculator, Calendar, Mail, or Groove Music. Until now, it was not possible to remove them interactively via the GUI.

Users can now remove more of the preinstalled apps via the settings app

Microsoft has lost the competition on digital assistants to Amazon and Google and therefore no longer sees any need to force Cortana on Windows users.

In managed environments, this step doesn't matter much, because you can deactivate Cortana via group policies. The same applies to the aforementioned manual deinstallation of apps, which the admin will usually delete from the OS image before deploying it to PCs.

Also, the significant expansion of the settings app to include more functions for configuring the system has no great relevance in companies. This includes, for example, IP configuration, for which users usually lack the permissions anyway and which the admin controls centrally.

You can now adjust IP configuration in the settings app

There is also an update for the integrated search, which by default only indexes files within the user profile. The settings app now allows easy extension of the index to the entire PC, but this was already possible before via the Control Panel.

You can easily extend the index for the desktop search to the whole PC

Terminal and filenames

Version 1903 brings a few minor changes to benefit IT pros. Those who work a lot from the command line will appreciate that you can now zoom in on PowerShell, bash, or command-prompt windows with Ctrl + the mouse wheel. Changing the small default font is therefore no longer necessary.

Additional settings for terminals in Windows 10 1903

In the settings of command-line windows, a new tab labeled Terminal lets you define colors and cursor types.

Explorer now also accepts filenames starting with a dot

The closer integration with the Linux subsystem is also noticeable; you can now create files in the Explorer whose names begin with a period. Many configuration files under Unix follow this convention.