Microsoft released version 22H2 of Windows 10 (Windows 10 2022 Update). It offers practically no new features for end users but introduces some changes that are relevant for admins. These include extensive alignment of group policies and the security baseline with Windows 11 22H2.
Avatar

Microsoft marketing describes the new release in its announcement as having "limited scope of new features and functionality." In practice, the company has not yet mentioned any new features in Windows 10 2022. These are essentially limited to the integration of previously released updates and quality improvements. Accordingly, the upgrade from previous versions (starting from 20H2) to 22H2 is again shipped as an enablement package that installs like a monthly update.

Longer support by updating

Nevertheless, the 2022 release is important for organizations because it extends the support period for the operating system. For Windows 10 21H1, support ends on December 13, 2022, and for the 20H2 Enterprise Edition on May 9, 2023.

Users of these versions are recommended to switch to the latest release. Its support will last until May 14, 2024, for the Home and Pro editions and until May 13, 2025, for the Enterprise edition.

Alignment of group policies

Together with the OS, Microsoft published the corresponding administrative templates for the group policies as well as the documentation, in the form of a familiar Excel spreadsheet (Group Policy settings reference spreadsheet for Windows 10, version 22H2).

One annoyance with Windows 10 21H2 was that the group policies for the same version of Windows 11 were not backward compatible. This was because Windows 10 received some new settings that were not yet present in Windows 11. Mixed environments could therefore not be fully managed using a central store.

This situation will now improve because Windows 11 22H2 received most of the settings that were still exclusive to Windows 10 21H2. This applies to:

  • Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects
  • Reset zoom to default for HTML dialog boxes in Internet Explorer mode
  • Suppress the display of the Edge deprecation notification
  • Limit printer driver installation to Administrators

However, the ADMX of the latest Windows 10 still includes settings that Windows 11 22H2 does not have:

Set the Remote Desktop licensing mode AAD per User: Here, the selection is limited to Per User and Per Device, while Windows 10 still offers the additional option AAD per User.

The licensing option for Azure AD users is still missing in Windows 11

The licensing option for Azure AD users is still missing in Windows 11

Allow Telemetry: Enhanced: Windows 11 has the options Security, Required, and Optional, while Windows 10 2022 also shows Enhanced.

The telemetry configuration setting has an additional option in Windows 10

The telemetry configuration setting has an additional option in Windows 10

Scan packed executables: This setting for Windows Defender is still missing in Windows 11.

There are also two settings for Japanese and Korean input (IME), which Windows 11 has not yet made up for. These are Turn on Live Sticker and Turn on lexicon update.

Two other settings have even been added to Windows 10 22H2, which you will not find in Windows 11:

  • Hide Internet Explorer 11 retirement notification
  • Turn on multiple expanded toast notifications in the action center

The IE policy is no longer needed in Windows 11, since the browser is already disabled as a standalone application there. For backward compatibility, Microsoft should have included it anyway.

ADMX for Windows 11 as a better choice

If you don't need these few options that are exclusive to Windows 10 22H2, you should go straight for the ADMX for Windows 11 22H2, even in pure Windows 10 environments. They organize the numerous settings for Windows Update in four folders, while Windows 10 continues to present most (largely outdated) policies in a long list.

The new settings in the Windows 10 22H2 administrative templates are also largely included in the ADMX for Windows 11 2022

The new settings in the Windows 10 22H2 administrative templates are also largely included in the ADMX for Windows 11 2022

The new settings in the Windows 10 22H2 administrative templates are also largely included in the ADMX for Windows 11 2022

The ADMX for Windows 11 2202 also covers the settings that are new with Windows 10 22H2:

  • Allow search highlights
  • Cloud policy details
  • Configure redirection guard
  • Configure RPC packet-level privacy setting for incoming connections
  • Control whether or not exclusions are visible to Local Admins
  • Enable auto-subscription
  • Enable global window list in Internet Explorer mode
  • Manage processing of queue-specific files
  • Show or hide "Most used" list from Start menu

Security Baseline

The Security Baseline has also been aligned between the current versions of Windows 10 and 11. On the one hand, Microsoft included some new policies in these best practices, and on the other, Windows 10 received the new settings mentioned above, some of which are recommended by the baseline for Windows 11 2022.

Download the Security Baseline for Windows 10 2022 as part of the Security Compliance Toolkit

Download the Security Baseline for Windows 10 2022 as part of the Security Compliance Toolkit

These are the following policies for printing:

  • Limit installation of printer drivers to administrators
  • Configure RPC packet-level privacy setting for incoming connections
  • Configure redirection guard
  • Manage processing of queue-specific files

For a description of these settings, see my article on the Security Baseline for Windows 11 2022.

In addition, as with Windows 11, there are policies to secure Local Security Authority (LSA) and a policy to reduce the attack surface. The baseline announcement also includes a note about the new local account lockout policy for the built-in administrator account.

Windows ADK

There is not much to report about the Windows Assessment and Deployment Kit. The toolbox for image management and assessing the update readiness of PCs has remained unchanged since Windows 10 2004 and is therefore also valid for the 22H2 release.

This also applies to Windows PE, which has needed to be downloaded separately from the ADK for some time.

Summary

While Windows 10 2022 brings almost no new features for end users, admins get an extended set of group policies. It mainly contains settings that already exist in Windows 11 and are partly included as recommendations in the Security Baseline.

Subscribe to 4sysops newsletter!

The two operating systems were aligned mainly because Windows 11 22H2 made up for some of the previously exclusive settings of Windows 10. Nevertheless, the ADMX for Windows 11 is still not fully backward compatible.

avataravatar
0 Comments

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2023

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account