According to the current release cycle, the autumn update is a kind of service pack, which also brings some smaller innovations. It is therefore considered to be a more stable version of Windows 10 than the one shipped in the first half of the year. Hence, it is particularly recommended for companies. For this reason, the Enterprise Edition of the H2 updates receives 30 months of support starting from the release date, whereas the spring releases receive only 18 months.
ADK 2004 for deployment
For users already running Windows 10 2004, the upgrade to 20H2 is delivered the same way as a cumulative update. Since the 2004 release is probably not widely used in organizations, they must carry out a regular update, either by wipe and load or in place.
Microsoft provides the Windows ADK for this purpose, which is also used by more sophisticated tools such as the Microsoft Deployment Toolkit (MDT). However, Windows 10 20H2 does not need its own ADK because its core is more or less the same as in version 2004. This also applies to the Windows Preinstallation Environment (WinPE), which has been available as a separate download since version 1803. The ADK for 2004 and 20H2 can be downloaded from Microsoft's website.
Downloading the ADMX templates
In contrast to the previous versions, Microsoft now provides the administrative templates for group policies in time for the rollout of the new operating system. As usual, the latest ADMX files are also included in the OS.
But if you want to manage the current Windows 10 from an older workstation or a central store, you need the templates that Microsoft offers as a separate download. They also come with numerous language files, while the operating system itself only provides them in English and in the localized language.
Security baseline
As previously mentioned, the security baseline is currently only available as a draft. While there are virtually no new GPO settings in Windows 10 20H2 that could have been included in this security best practice, it still brings some changes.
Microsoft has decided to add existing settings to this recommended configuration. Three of these affect Defender Antivirus. Admins may allow the virus scanner to block files both with virus definitions and with cloud-based machine learning techniques ("First Sight").
There are also two settings to reduce the attack surface. Both define rules for Defender Antivirus. They are called Use advanced protection against ransomware and Block persistence through WMI event subscription.
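To check whether the two attack surface reduction rules named above are active on a machine, the following PowerShell is an added example, not code from the original article or from Microsoft's baseline package. The function name Get-AsrRuleState and the sample data are assumptions made for illustration; the rule GUIDs and action codes are the ones Microsoft documents for Defender's Get-MpPreference output.

```powershell
# Added example: report the state of the two ASR rules added to the baseline.
# Keys are Microsoft's documented ASR rule GUIDs.
$BaselineAsrRules = [ordered]@{
    'c1db55ab-c21a-4637-bb3f-a12568109d35' = 'Use advanced protection against ransomware'
    'e6db77e5-3df2-4cf1-b95a-636979351e5b' = 'Block persistence through WMI event subscription'
}

# Action codes as stored in AttackSurfaceReductionRules_Actions.
$AsrActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-AsrRuleState {
    # Hypothetical helper: Ids and Actions are the parallel arrays
    # that Get-MpPreference returns for configured ASR rules.
    param(
        [string[]]$Ids = @(),
        [int[]]$Actions = @()
    )
    foreach ($guid in $BaselineAsrRules.Keys) {
        # Find the rule; GUID casing differs between GPO, Intune and PowerShell.
        $index = -1
        for ($i = 0; $i -lt $Ids.Count; $i++) {
            if ($Ids[$i] -ieq $guid) { $index = $i; break }
        }
        if ($index -lt 0) {
            $state = 'Not configured'
        } elseif ($index -ge $Actions.Count) {
            $state = 'Unknown (no action value)'
        } elseif ($AsrActionNames.ContainsKey($Actions[$index])) {
            $state = $AsrActionNames[$Actions[$index]]
        } else {
            $state = "Unknown ($($Actions[$index]))"
        }
        [pscustomobject]@{ Rule = $BaselineAsrRules[$guid]; Id = $guid; State = $state }
    }
}

# Constructed sample: ransomware rule in Audit mode, WMI rule absent,
# plus one unrelated placeholder rule ID set to Block.
$sampleIds     = @('C1DB55AB-C21A-4637-BB3F-A12568109D35', '00000000-0000-0000-0000-000000000000')
$sampleActions = @(2, 1)
Get-AsrRuleState -Ids $sampleIds -Actions $sampleActions | Format-Table -AutoSize

# On a live Windows 10 machine with the Defender module:
# $mp = Get-MpPreference
# Get-AsrRuleState -Ids $mp.AttackSurfaceReductionRules_Ids -Actions $mp.AttackSurfaceReductionRules_Actions
```

A rule reported as Audit or Not configured does not block anything; only Block (or Warn, where the rule supports it) enforces the rule.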
The preliminary baseline is available as an attachment to this blog post on Microsoft's Tech Community. The settings can be imported into your own systems following the included documentation. But most likely you will wait for the final version.