Home / Windows 10

Installing and deploying the Windows 10

How to balance two occasionally conflicting concerns: the legitimate needs of users for a customized and comfortable experience, on the one hand, and the organization's needs for security and manageability on the other.

You can adopt a refreshingly different set of priorities for the Microsoft Windows 10 Technical Preview. For enterprise customers, the main purpose of the preview is to evaluate an operating system that is a work in progress to provide feedback to guide Microsoft in its development process.

This preview release is not for broad deployment. In limited installations, independent of your organization's deployment and management infrastructure, you can experiment with considerably more freedom than if you were evaluating finished software and planning its deployment in a production environment.

Windows 10 is rolling out in phases. The first release, with a feature set that emphasizes the needs of consumers and small businesses, will be broadly available in summer 2015. The Windows 10 ecosystem should become even richer in the fall, as new devices appear in the market with hardware (biometric sensors, for example, as well as USB-C connections) that enables new Windows 10 features.

And unlike previous Windows releases, Windows 10 will continue to evolve, with new features, big and small, appearing as a part of the same cycle that supplies security and reliability updates. Members of the Windows Insider program will continue to see new features and provide feedback to Microsoft before those features are made available to all Windows 10 customers. If a feature isn't ready for widespread release in one update, it might appear a few months later.

The next version of Windows Server, built on the same foundation as Windows 10, is in a Technical Preview release now, with a planned final release available in 2016. Some features in Windows 10 Enterprise that require complementary features on the server side, by necessity, also will appear in 2016. In some cases, those new features might also require updates to current Windows Server versions.

Microsoft says the next release of System Center Configuration Manager, which will include support for Windows 10, is on the same track as Windows Server, with a 2016 release date. Updates to some currently supported pieces of the System Center infrastructure will also include support for Windows 10. System Center Configuration Manager 2012 and 2012 R2 will be updated to support management and deployment of Windows 10, while updates to Configuration Manager 2007 will add management support only.

That is a pretty unsettled landscape, which is why this tutorial emphasizes processes for installing and configuring individual Windows 10 devices for evaluation purposes. Also include an overview of the roadmap for Windows 10 support in Microsoft deployment tools.

Compatibility and preparation

It is too early to begin planning a wide-scale Windows 10 deployment. But you can certainly make life easier on your future self by making some intelligent deployment decisions for your organization now.

The hardware requirements for Windows 10 are identical to those of Windows 7 and Windows 8.1, so any device that can run either of those operating systems should be capable of running the Windows 10 Technical Preview. In addition, most desktop applications that run on Windows 7 should also run on Windows 10.

Windows 8.1 is the best choice for existing touchscreen-equipped devices. It offers a straightforward upgrade path to Windows 10.

For conventional (non-touch) desktop PCs and laptops running Windows 7, there's an equally straightforward path to Windows 10. In fact, the current Windows 10 Technical Preview is available as an upgrade to Windows 7 for anyone who enrolls in the Windows Insider program and opts in for Windows 10 to be delivered through Windows Update.

To install Windows 10, you need sufficient free storage space (at least 16 GB for 32-bit versions and 20 GB for 64-bit) and sufficient installed RAM (a minimum of 1 GB for 32-bit, 2 GB for 64-bit), or the installation will be blocked. The processor must support Physical Address Extensions (PAE); Data Execution Protection, via the No-eXecute (NX) page-protection feature or the eXecute Disable (XD) bit feature; and Streaming SIMD Extensions 2 (SSE2). A small number of older PCs might be blocked from 64-bit installations because their processors don't support specific instructions like these: CMPXCHG16b, PrefetchW, and LAHF/SAHF.

The following device types are incompatible with Windows 10:

  • The Surface RT, Surface 2, and other devices running Windows RT are not compatible with the Windows 10 Technical Preview and will not be upgradeable to the final release of Windows 10.
  • Small tablets with 32 GB or less of storage that were configured using WIMBoot were blocked from upgrading to some releases of the Windows 10 Technical Preview. Microsoft has removed this limitation in current preview releases.
  • The Windows 10 Mobile operating system, although closely related to Windows 10 in many respects, is delivered separately. The Windows 10 Technical Preview bits that are available for installation on PCs will not work on phones.

Enterprise deployment tools: A roadmap

Most of Microsoft's enterprise deployment tools are on a different development cycle from that of the Windows 10 Technical Preview.

The next version of System Center Configuration Manager will include full support for deployment, upgrade, and management of Windows 10 desktop operating systems and associated updates. Microsoft also says it has plans to provide an update for System Center 2012 R2 Configuration Manager to support Windows 10 deployment, upgrade, and management. The Microsoft Deployment Toolkit (MDT) also will be updated with support for Windows 10.

As of early 2015, the Windows Assessment and Deployment Kit (ADK) is available in a preview release for Windows 10. (For download instructions and links to details about what's new, see http://dev.windows.com/en-US/featured/hardware/windows-10-hardware-preview-tools.)

The options available when you install the preview release of the Windows ADK. The individual options available with the new Windows Assessment and Deployment Kit are designed for IT pros and hardware manufacturers.

If you've used the ADK with previous Windows deployments, you should definitely evaluate this preview ahead of its final release. The new ADK includes some significant improvements:

  • Provisioning support:
    This capability allows you to create special packages that you can use to customize new Windows 10 devices, "provisioning" them for use in your enterprise without having to wipe the preinstalled OEM image and load a custom image of your own creation.
  • System file compression:
    You can run Windows 10 directly from compressed files. The effect is similar to WIMBoot, a feature that was introduced in the Windows 8.1 Update. The new process is more elegant (and much more efficient) because it uses individual files instead of a static Windows Image (WIM) file. When updating system files, Windows 10 replaces the old files instead of keeping both copies.

In addition, the ADK contains documentation for two useful features that are part of Windows 10:

  • Push-button reset:
    This feature, available since Windows 8, now incorporates system updates by default. When a user needs to use the Reset option to recover from a problem, the new image is fully up to date, with no need to reinstall new updates.
  • Partial language packs:
    Instead of adding full language packs (which can consume excessive disk space), you can add just the base user-interface files for a language. Windows will download the full language packs via Windows Update if needed when enabling features such as handwriting or voice recognition.

Windows 10 installation options

After Windows 10 is formally released, you'll be able to create images that you can deploy throughout your organization. During this evaluation phase, however, you'll perform most installations manually, using clean installs.

This section discusses the ins and outs of those options.

Upgrade or clean install?

The simplest option by far is an in-place upgrade. Eventually, you'll be able to automate this process in your organization on devices running Windows 7 or Windows 8.1, using the Microsoft Deployment Toolkit (MDT), System Center Configuration Manager, or an alternative software distribution tool.

For a single device, using Windows Update to initiate the Windows 10 upgrade is a perfectly reasonable choice. During the preview period, making the upgrade files available in Windows Update requires registering for the Windows Insider program (https://insider.windows.com) and then opting in to install the preview by running a small configuration utility.

This option is available on any device running Windows 8.1 or Windows 7, provided it meets the system requirements described earlier in this tutorial.

The upgrade process is generally quick, with the biggest influence on total time being the speed of your Internet connection. In general, an installation should take no more than a couple of hours, and can be much faster. The image-based installation has been field-tested on hundreds of millions of PCs over the past few years. If something goes wrong, the Setup program will automatically roll back to the previous version of Windows with all data files and configuration details unchanged.

Note:
If you use a third-party, disk-encryption tool, take extra time before you even think about moving to Windows 10 on a device with encrypted storage. The in-place upgrade process should work flawlessly on systems protected with BitLocker encryption, but the Windows installer isn't able to access disks encrypted using third-party software. Your safest option is to disable all encryption before upgrading, and then restore the encryption after the upgrade is complete. Microsoft is working with the providers of encryption software to make this process smoother when Windows 10 is officially released.

You also can start an upgrade from Windows 7 or Windows 8.1 by using physical installation media or a mounted ISO file. Choosing this option kicks off the familiar Windows upgrade workflow.

In any of these upgrade scenarios, assuming the operation completed smoothly, the result is a device running the same Windows edition (Core, Pro, or Enterprise) as the pre-upgrade device. Data files, apps, and settings should be migrated completely in most situations, although it's possible you'll find small errors in the process, especially in preview releases.

To perform a clean install, you need to boot from installation media (a USB flash drive or a DVD, or an ISO file in the case of a virtual machine). If you choose to format the destination drive, the process is destructive, wiping out all apps and data. If you choose an existing volume but don't erase it, existing files are moved to a Windows.old folder, where they can be recovered in a pinch.

Note:
Don't delete the Windows.old folder unless you're desperately in need of disk space. In Windows 10, the existence of this folder allows you to roll back from Windows 10 to your previous Windows version from the Recovery option in the Settings app. Keep it until you absolutely need to delete it. If you decide that you no longer need those files and want to reclaim the space they're occupying, run the Windows Disk Cleanup utility (Cleanmgr.exe) as an administrator. Choose the Previous Windows Installation(s) option to get rid of those files permanently.

Choosing an account type

In an upgrade, Windows 10 preserves your existing user profile and prompts you to sign in using the same credentials as on the upgraded device. On a clean install, you need to create the first account from scratch. In Windows 10, you have three options:

  • Microsoft account:
    This is the default option for a personal device that isn't joined to a domain. A Microsoft account (which is the direct descendant of the former Passport and Windows Live ID services) uses an email address and password to enable a variety of cloud services. For Windows 10 devices, the most immediate benefits are the ability to sync settings and files (using OneDrive) between devices signed in with the same account. Depending on your network policy, it's possible to link a Microsoft account to a domain account so that a domain-joined machine can get the benefit of syncing settings.
  • Work account:
    As an IT pro, you're probably intimately familiar with domain accounts, which use Active Directory credentials to authenticate users and allow access to resources on a shared enterprise network. Windows 10 includes the option to connect to an Azure Active Directory account, which allows access to cloud-based resources such as Office 365. Setting up a work account can also allow mobile-device-management software on the corporate network to handle device enrollment and enforce company policies.
  • Local account:
    This account option is difficult to find in some Windows setup configurations, but it's still possible to enable this type of account. The credentials are stored only on the local device.

In a clean install, after you get past the license agreement and installation options, you'll reach a crucial stage of the Setup program. If you're using Windows 10 Enterprise, the setup program assumes you're doing so on a work device. If you're using Windows 10 Pro, you have a choice to make.

Choosing the first option (This Device Belongs To My Company) and clicking Next leads to a slightly confusing dialog box that prompts you to set up "your work or school PC." That dialog box is intended for Azure Active Directory credentials, such as those linked to an Office 365 account. But first, you see a warning dialog box that includes this crucial caveat:

Important:
If you plan to join your PC to your work domain, select Continue and choose the link to Set Up Windows with a local account instead. After you sign in to Windows with that local account, you can join your PC to the domain as you have in the past.

If you choose to enroll with your work account now instead of creating a local account, do not attempt to join your PC to the domain later. If you do, you won't be able to sign in to your PC.

That's a pretty clear warning. When you reach the Setup page, enter your workplace account only if you have Azure Active Directory credentials such as those with an Office 365 Enterprise account.

Choosing the local account setup leads to a page that should be familiar to anyone who has installed Windows in the past two decades.

If you tell Windows that you're setting up a personal device, you're taken by default to a setup page that strongly urges you to use an existing Microsoft account or create a new one. The two available options.

If you sign up with the same Microsoft account you use on other devices, any settings you chose to sync from those devices will be replicated on the new device. You'll also have access to the Windows Store and to any cloud services that are linked to that Microsoft account, including OneDrive, Outlook.com (formerly Hotmail) email, and Xbox services.

You can create a Microsoft account using any email address, including a personal address with a custom domain; you're not limited to the Microsoft-owned Outlook.com, Live.com, and Hotmail.com domains.

Although it's not immediately obvious, the option to create a local account is also available from this page. Click or tap Sign Up, as if you were planning to create a new Microsoft account. Ignore the boxes at the top of the page and instead click or tap the nearly invisible link in the lower-left corner, Connect My Account Later.

Which account type should you use?

For evaluating Windows 10 in the enterprise, joining the device to the domain and signing in with a domain account is the best way to assess compatibility with your existing network. That option requires that you first create a local account.

Work accounts are appropriate for Office 365 and other Azure Active Directory deployments.

For all other situations, the best choice is a Microsoft account, especially if the owner of the device already uses Microsoft services and plans to use Windows 10 on other devices with the same account.

It's tempting for experienced Windows users to gravitate toward the comfort zone of local accounts, especially if you're concerned about the possibility that personal or business information will accidentally spill over into the evaluation environment.

In that scenario, a better choice than a local account is to create a new Microsoft account using a free Outlook.com address. Choose an alias that clearly identifies it as an evaluation account, and use its free file storage and email capabilities strictly for testing purposes. That option lets you see the benefits of a Microsoft account with minimal risk.

And there's a singular advantage to that strategy as well: it allows you to turn on BitLocker encryption for the test device and save the recovery key to secure storage using the alias you created.