LTSC: What is it, and when should it be used?
Published Nov 29 2018 07:02 PM 1.3M Views
Microsoft

Update 7/15/2019:  The content in this post applies to PC and laptop type devices converted to Windows 10 Enterprise LTSC, and not devices purchased with Windows 10 IoT Enterprise pre-installed. Examples of the latter include kiosks, medical equipment, and digital signs, i.e. use cases where devices are commonly treated as a whole system and are, therefore, “upgraded” by building and validating a new system, turning off the old device, and replacing it with a new, certified device. Organizations that leverage this approach are seeking the manageability and security of Windows 10 while staying on the same operating system version for the life of the device.


If you ask someone from Microsoft, or read industry guidance, about the best strategy for managing Windows 10 updates, the overarching recommendation is to use the Semi-Annual Channel (SAC) as the default servicing channel for Windows 10 devices. With the Semi-Annual Channel, devices receive two feature updates per year, and benefit from the best performance, user experience, security, and stability.

The Long-Term Servicing Channel (LTSC) is designed for Windows 10 devices and use cases where the key requirement is that functionality and features don’t change over time. Examples include medical systems (such as those used for MRI and CAT scans), industrial process controllers, and air traffic control devices. These devices share characteristics of embedded systems: they are typically designed for a specific purpose and are developed, tested, and certified before use. They are treated as a whole system and are, therefore, commonly “upgraded” by building and validating a new system, turning off the old device, and replacing it with the new, certified device.

We designed the LTSC with these types of use cases in mind, offering the promise that we will support each LTSC release for 10 years--and that features, and functionality will not change over the course of that 10-year lifecycle.

Differences between the Semi-Annual Channel and LTSC

As I noted above, Windows 10 devices in the Semi-Annual Channel receive twice-yearly feature updates, once in the spring and once in the fall. These updates contain new features, services, and other major changes. Security updates, optimizations, and other minor updates or patches are released every month thereafter.

To deliver on the commitment of no changes to features or functionality, a Windows 10 LTSC release does not contain any of the components of Windows 10 that may change over the life of the release. These components include Microsoft Edge (as a modern browser, it is constantly evolving to support the current modern browser web standards) as well as components/applications regularly updated via the Microsoft Store, such as Camera, Cortana, OneNote, and other modern apps that continue to advance with innovative improvements. 

Internet Explorer is included in Windows 10 LTSC releases as its feature set is not changing, even though it will continue to get security fixes for the life of a Windows 10 LTSC release.

The LTSC cadence

We create a new LTSC release approximately every three years, and each release contains all the new capabilities and support included in the Windows 10 features updates that have been released since the previous LTSC release. Unlike the year-and-month terminology employed to describe Windows 10 features updates (e.g. 1703 or 1809), LTSC releases are named with a specific year, such as Windows 10 Enterprise LTSC 2016 or Windows 10 Enterprise LTSC 2019, and they align to perpetual Office releases such as Office 2019.

Each LTSC release receives 10 years of servicing and support[i]. During the life of a LTSC release, you can upgrade your devices to the next or latest LTSC release free of charge using an in-place upgrade, or to any currently supported release of Windows 10. Because the LTSC is technically its own SKU, an upgrade is required from Windows 10 Enterprise LTSC to Windows 10 Enterprise, which supports the Semi-Annual Channel.

As with the Semi-Annual Channel, LTSC devices receive regular quality and security updates to ensure that device security stays up to date. While quality updates are available for Windows 10 Enterprise LTSC, you can choose to defer them using tools such as Windows Update for Business or System Center Configuration Manager.

Making a fully informed choice about the LTSC

Before its release and throughout the first year of Windows 10, many predicted that LTSC would be the preferred servicing channel for enterprise customers. This has turned out not to be the case, and the SAC is the predominant choice for enterprises today.

I’m currently working with a few early LTSC adopters who are now looking to unwind their LTSC deployments and shift to SAC. There are several reasons why using the LTSC can turn out to be the wrong fit for the Windows 10 devices in an organization. For example, one organization deployed LTSC to bring forward the same IT rules and image creation and management processes they had used since Windows XP, in this case to new Surface devices. You can imagine the reaction of their end users when they excitedly opened their new Surface devices, only to find that features such as Camera, Ink, and Pen did not work—and that they were missing many of the modern, touch friendly version of apps—because the devices had been “repaved” with a Windows 10 Enterprise LTSC release.

Another reason some organizations chose to adopt the LTSC centered around application compatibility. In talking with some of these organizations; however, initial concerns about application compatibility from release to release in their environment have proved to be a non-issue.

Considerations

All too often, I have seen strategic decisions about Windows 10 servicing options and the use of the Long-Term Servicing Channel driven by the wrong criteria; for example, IT professional familiarity prevailing over end user value and impact. The LTSC is designed for devices and use cases where features and functionality will not change. It provides 10 years of security servicing to a static Windows 10 feature set. If you are considering the LTSC for devices in your organization, please consider the following:

  • Silicon support: Windows 10 Enterprise LTSC will support the currently released processors and chipsets at the time of release of the LTSC. When choosing to utilize the LTSC, you must factor hardware into your decision, making sure you have a long-term supply of devices and service components for the life of your expected usage of the device. If the hardware your device is using needs to be replaced in five years, do you have a replacement supply to support the version you are running? You also want to be sure you have a hardware solution that will provide you with extended driver/firmware support to match your expected lifecycle use of the LTSC for that device. (See the Lifecycle FAQ to learn more about the Windows Silicon Support Policy.)
  • New peripheral support: Because the API and driver support models are not changing, the LTSC release you deploy may not support new hardware or peripherals that you need to use in your organization.
  • Application support: With each Semi-Annual Channel release following an LTSC release, there is a growing gap in APIs and functionality between the current Windows API in use by most all devices, and previous LTSC releases. Many ISVs do not support LTSC editions for their applications, as they want their applications to use the latest innovation and capabilities to give users the best experience. This is the case with Office ProPlus, which does not support Windows 10 Enterprise LTSC releases as it relies on Windows 10 feature updates and the Semi-Annual Channel to deliver the best user experience with the latest capabilities. (If you were using Windows 10 Enterprise LTSC 2019, you would, therefore, need to use Office 2019.)
  • Best security: Windows 10, with the latest feature update installed, is always the most secure release of Windows 10, offering the latest security capabilities and functionality.
  • Best stability: Windows 10, with the latest feature update installed, has the latest performance and stability improvements.
  • Greatest hardware choice: New devices target and ship with the latest Windows 10 release to light up new hardware capabilities and improvements.

Summary

The Long-Term Servicing Channel a tool designed for a specific job. When used for the right job, it’s a great solution, but when misaligned, it can be like trying to drive a screw with a hammer. It’s, at best, unsatisfying, and likely problematic at some point.

If you understand the considerations listed above, have secured hardware and support to align with the intended duration of usage, and have secured support for your applications, the LTSC can provide your organization with years of secure, static operation, with full servicing and support for its 10-year lifespan. For most use cases; however, I recommend the Semi-Annual Channel as the better option for security, stability, and hardware/application capabilities, and the overall experience of your end users.

To learn more, check out our on demand session from Microsoft Ignite on The pros and cons of LTSC in the enterprise.


[i] Ten years of support includes a minimum of five years Mainstream Support (during which both security and non-security updates are provided) and a minimum of five years Extended Support (during which only security updates are provided). Please see the Fixed Lifecycle Policy for Microsoft Business, Developer and Desktop Operating Systems for more detail.

71 Comments
Silver Contributor

You tell that preferred choice is changing in the industry? Any approximate numbers? Say a year ago 30% of enterprises preferred LTSC and today 25%?

 

I would love to stay on SAC, but with limited IT human resources, budget and time (like in most SMBs) it is too burdening to keep up. And what about "stability" flop of 1809? I doubt any serious org has started even testing and i feel 1903 will be released just after most update to the latest version. 2 updates per year is too often (i know i can skip, but what is the point then to use SAC anyway). We don't have money for Intune, SCCM, Enterprise versions. Dealing with feature updates via WSUS is PITA. Btw, is there x64 only feature update for 1809 in WSUS finally? A few weeks ago there was none. Why advertise new cool feature like 2 times smaller update size by splitting update into x86 and x64 and only providing packages for older versions?

 

I think LTSC believers won't disappear soon, as many may prefer stability (real stability) over theoretical improvements and possible problems. If anything, they numbers may grow after the 1809 blunder.

Microsoft

Hi Oleg,

 

Thanks for your discussion kickoff.  First to your question.

 

You over estimated LTSC usage.  Let me use a 3rd party source, so we remove any concern I'm trying to cook the books :)

 

https://meterpreter.org/data-shows-that-windows-10-april-update-market-share-soared-to-90/?cn-reload...

 

According to InfoTech's reporting, LTSC is at MOST 2% of all devices.  Other then servers and special purpose devices, it really is the exception today, and for desktop productivity usage,  movement is from it, to SAC.  

 

What is the LTSC end user missing?

He is a small subset, organized by release, of the featurs and functionality added in subsequent SAC releases.

SAC.JPG

I'm glad you are finding  LTSC great and stable for you,  I agree it is. I would submit for your consideration ( based on real data telemetry, and actual innovation we have added ) that I know the subsequent SAC builds are even more stable, better performant, and more secure. We will continue to work to address your servicing concerns and challenges, and hope that in the near future, we can make it work for you.

 

John 

Brass Contributor

Hi John.

I give You another example.

In our industry ( kind of Software development) we are using hundreds of different "bot" machines. Automated testing, compiling, building, etc systems. Most of those are still running older versions of Windows. Because people responsible for those processes doesnt have  absolute certainity, that those routines  work fine after every SAC upgrade. For those systems most of end-user features and functionalities introduced with new W10 release are pointless. So, for IT is very hard to sell them idea-  to screw twice per year all their systems. They have much important jobs to perform than test compatibility with next W10 release.  We are trying to keep our user stations on more recent versions - it cost us lot (time resources) and end-users dont understand why it is needed. they dont see benefit, or it is tiny compared to introduced problems.  

Silver Contributor

Yes, most changes on paper sound cool for IT enthusiasts, but not so interesting for end users, who maybe just work with a few spreadsheets and docs and not so into technology. They don't care about timeline, or doing screenshots with new app or connecting their phones to PC, etc. Main reason for IT to install it is to keep up to date, to have monthly cumulative updates weight less and to get IT updates like better Autopilot support and new policies, etc.

Copper Contributor
Brass Contributor

@John Wilcox The statistics provided in your earlier comment are extremely misleading in that they are based on Windows Store ads which would not include LTSB/LTSC releases at all. They would also not include organizations where the Windows Store is disabled via GPO. This is specifically mentioned in the article. All that is proved here is that Microsoft Update is extremely aggressive in Windows 10.

 

As for LTSC vs SAC: I would much rather spend the time to build a new image every year (or so) as new LTSC versions are released when the alternative is to have the user experience across the organization be turned upside down every six months as workflows change in Windows. That's before considering the major stability issues that seem to be plaguing the SAC branch on a regular basis.

 

In our organization, the most unstable machines by far are among the three that run SAC vs the many hundreds running LTSB at the time of writing.

Brass Contributor

These types of posts really upset me. You want consumers and IT Admins to stop resorting to an OS you say is intended for medical devices and kiosks? Then stop consistently putting out versions of Windows 10 that break NICs, lose data, reboot sans warning, and come pre-loaded with adware like candy Crush, xbox apps, start menu ads, lock screen ads, and 2 browsers. Can I ask why even Microsoft hasn't been able to untangle IE from their own "latest and greatest" rendition of Windows 10? "WaaS" is very new terminology and has yet to prove sustainable as a model. Lest we forget that a large portion of the Win10 market share came from Microsoft imaging entire organizations overnight with clandestine Windows 7 updates sometime around early 2017. People need usable images for VDI environments with video/network throughput limitations. People have older hardware that needs to be able to run mission critical, legacy software. Cortana and the App Store have no place on the majority of many workshop machines. Stop blaming your users for adopting something that actually works as a viable solution with STABLE updates. Stop using paying customers as beta testers. Can I ask what exactly happened to Patch Tuesday? Because for the last year, at least, updates have gone through no QA team and come down the channel seemingly at random. Occasional out of band patches are fine. Building the plane as it's taking off and then yelling at your passengers for deploying their parachutes when you hit turbulence is a good way to have an entire organization shift away from your airline.

 

I will point other readers to: https://www.howtogeek.com/395121/windows-isnt-a-service-its-an-operating-system/

Copper Contributor

One key element that haven't been touched in this article is the capability of the features in Windows 10 from 1511 to 1809, John posted a nice Picture of all the new features that has been added to Windows 10, and some ppl mock those and say that their users does'nt need to connect their phone or whatever. But they miss a vital Point and that's the capability of the said feature, for example Delivery Optimization "DO" the functionality of that so important feature has vastly imoproved since launch, and that's not the only feature that has been improved. If your on LTSC for the 10 year support, god knows what all background functionality you will miss out on. Being on LTSC for a longer time will also get you further behind the real World so when the day comes to upgrade to say LTSC 2025 you might find yourself in a situation where your dev team has been quietly developing with VS 2008 and all of a sudden you have a migration Project on the scale of Windows XP to Windows 7. Ofcource there are systems that are best being left alone from the fast paced outside World, but they are few and far apart.

 

Sure the quality in Microsoft releases have gone down since they fired thier whole QA team, so please MS rethink! but using that as an excuse to go for LTSC, nah.

Copper Contributor

A whole lot of the problem with people deploying LTSB/LTSC to do the desktop (us included BTWbtwould be solved if the Enterprise and Education versions of Windows were exactly that & not just re-badged versions of Home with a few enterprise features turned on. Lose Cortana, Windows Store, Candy Crush, Xbox, Music, etc. and you'd be half-way there.

 

Add in some decent modern tools to customise and control the deployment of images (SCCM is way overkill for anyone with less than thousands of seats (we tried - we needed more resources to run SC than the rest of the organisation), WDS seems stuck in the Windows 7 era) and the whole LTSB/LTSC on the Desktop issue would go away.

Silver Contributor

Actually, that's exactly what i meant in my comment, that users don't care for user features, so the only incentive for IT admins to install updates every 6 months is to stay secure and to get those hidden to the eye improvements (DO, Autopilot, etc.). The problem is that you can't "sell" these updates to users/execs. They need something useful they can get their hands on. As they don't get it, they are just annoyed with often updates that take long to install and don't see point in that. You want me to explain spreadsheet users how great recent DO improvements were? Of course, you can have an argument that it can save internet traffic cost and make less impact on network (in DO case). But on my previous job updates were handled via WSUS and we had unlimited broadband internet, so DO wouldn't do much for us. Anyway, IT admins are now tasked to do big updates twice a year, users don't see value in this. Background improvements are neat, if you have real use for them, but in the end, companies need a stable and secure OS to do work (by secure i mean just monthly security updates). This can be reduced to 1 update per year.

Silver Contributor

MS is touting Autopilot (and Intune) to be that next "image" deployment tool (not really an image in the regular sense, just a set of settings that will prepare Windows for work). But i can't see this being used in public sector where you don't know who will win new PC shipment tender. Could be some smallish local retailer who never heard about Autopilot.

Copper Contributor

Dear John,


i've recently read your interesting post about WIN 10 LTSC.

At the moment i am working on a project for a company to roll out WIN 10 and planning to use LTSC.

I have one question about the following sentences in your text:

"Each LTSC release receives 10 years of servicing and support[i]. During the life of a LTSC release, you can upgrade your devices to the next or latest LTSC release free of charge using an in-place upgrade, or to any currently supported release of Windows 10. Because the LTSC is technically its own SKU, an upgrade is required from Windows 10 Enterprise LTSC to Windows 10 Enterprise, which supports the Semi-Annual Channel."


Is the meaning right, that i will get each LTSC upgrade within ten years for free??? That will be a great feature.

Like in 5 years when there is for example version 2105, I will get that for free?

Can I ask you where you've got that information?


Thanks in advance and kind regards,

Marco

 
 
Brass Contributor
Maybe there wouldn't be so much interest in LTSC if your core offerings weren't so full of bloat. No IT professional asked for your data spigot aka telemetry. You can try and cram Edge down our throats all you want but we don't want it. We didn't ask for nor do we want all the consumer apps suggestions, chibi graphics and gamification. The problem is that you (Microsoft) have an agenda that does not align with the stated needs of IT professionals and advanced users. Rather than deliver the products that we want, you'd rather try to gaslight us into thinking that we're crazy for wanting an unbloated OS. An Xbox app in Windows 10 Enterprise? Really dude? Really?
Silver Contributor

It is even included in the Server SKU :D I have asked about Xbox app on another thread about Server security hardening and only got an answer that some role/feature might need Xbox to do something, like VDI or RDS (remote workers wanting to play some games?:)).

Copper Contributor

John, very nice overview. I work with OEM's that build appliances and I provide guidance primarily for OEM's rather than corporate america.  For those that are interested in more details around how to license via the OEM channel please have a look at my blog on Windows LTSB/LTSC here: http://ocs.arrow.com/msembedded/blog/to-update-that-is-the-question/

I would also mention that you did state it is a free upgrade between LTSC editions and that is not the case in the OEM channel. In fact in-place upgrades are prevented with the LTSC edition and it does require the purchase of a full new upgrade license.  

Copper Contributor

@WindowsChamp beat me to it. Again! Smiley Happy

Copper Contributor

Ok, I guess I want to throw my 2 cents into LTSC piggy bank :-). So, we have big Enterprise organization. Yep, one of those big ones that everyone knows. EVERYONE! And of course just like everyone else on this planet scared of staying on W7 because soon will be not supported, and as result non-compliance, audit, regulators and big, big fines! Does not sound good! So started moving with SAC. 1709. Well, because it was 1 year ago. 1803 was skipped - thanks to MS for announcing new strategy of supporting fall releases for 30 months instead of originally planned 18 months! Now got 1809. Yes, it was mess! In fact it was disaster. You were saying 09 means September? Yeah right! How about November? October was bug-fixes time ha-ha-ha! Halloween of bugs. But as you know, November is the time when things slow down. Why? Well, many reasons. First it is new fiscal year. First month is always slow. Besides everybody is in the Christmas mood. Santa coming to town in case you did not know. Then it is January, best time to go Dominican, Mexico or Cuba - prices doing down! Who does not like cheap vacation all-inclusive? Then February things start picking-up slowly. But hey, now business got scary, they want to test their Applications, but they don't have time. And you know, all those 3rd party agents? Security agents? Have you heard about them? They also may not work in 1809. So if we push 1809 we may break all machines. Risk is real, and everybody scary. But things not getting any better. Soon it will be 1909 and it only will be worse. So this is a road to perdition. What you suggest? Stay on 1709 or jump to 1809? What if something happens? It will be the END. And nobody want the END. Everybody want to live. Everyone want to retire happy ha-ha-ha! Now let's see why SAC is better (as per you list): 1. Edge is missing. Sure. But Edge is disaster. There are problems with SSO via ADFS because MS did not allow any browser to access ADFS, each Agent string must be explicitly written into ADFS configuration. You saying add this to ADFS? Sure. But do you remember we were talking about large enterprise? 5-second command to execute in PROD environment takes easily 6 months. Why? Don't ask. Just believe! So for any changes we are looking months and months to implement. 2. Cortana. We disabled it in SAC anyway, so why bother? Nobody use Cortana, except MS people who present something on Ignite! 3. App Store. Most enterprise block it - otherwise this is a Pandora box! If users start installing what they want this will be the end! 4. Same thing for many other things. So what really business need? They need their Applications. And they want them to work stable today, tomorrow and in 5 years, day after day. And if changes occurs so often and could break things, this is not good. Did I almost convinced you why large enterprises should go with LTSC? Ha-ha-ha! Your turn!

Copper Contributor

Just adding my two cents here. Most users keep their devices for an average of 5 years. If MS supported each Windows SAC release for up to 5 years, it would be so much easier for enterprises to embrace SAC over LTSC. That would mean users get a new Windows version every time they change their PC as opposed to disrupting them every year or so at the risk of breaking their applications.

 

To all those LTSC issues raised in the article, they all have a workaround or alternative so they are of no concern and I can safely dismiss them as fear-mongering designed to fit Microsoft's agenda. After all, let's look at who wrote the article. The author conveniently failed to even take a peek at the recent series of upgrade disasters and delays Microsoft is facing. I think it is evident Microsoft can't keep up with their own agenda, which has hurt their credibility. If they are to be successful at repairing the damage, first they have to earn our trust before we can take their agenda seriously by releasing stable and trustworthy upgrades that are consistently on time. Constant delays is a clear sign of trouble. If MS can't keep up with their own pace, what makes anyone think that the average enterprise will be able to do the same? We just don't have the resources to go around every 6 months upgrading machines. If they slowed down the release pace to maybe once a year, and support those releases for up to 5 years, I believe Microsoft might be able to keep up with the pace, they won't stumble as much, make it much easier for enterprises, significantly reduce the push back, and have a much more successful Win 10 upgrade path.

Silver Contributor

MS is surprisingly quiet about the 19H2 update and there are rumors it might be very minor stability update instead of a regular feature update. Although i would just scrap it and go the 1 update per year route. 5 years though? Nah, that's too long. Especially with laptops. They get beaten up badly (if used as laptops and carried around a lot). And they get morally old. 3 years seems like a more reasonable age to change.

Copper Contributor

We use the LTSC version. I originally went the route of 1803 Enterprise and had so many problems:

- Removal of the bloatware is not clean, on new sysprep'd computers there are always errors regarding apps that have been removed in the Application log.

- Inconsistent application performance

- Using GPO's to disable the Store, Hello, Cortana doesn't do this cleanly, Application errors are consistently reported. Why, if they are turned OFF.

- With patching and updates, some of the apps "return" which is unacceptable. (ie OneDrive)

- Our computers are for "work" not home, shopping apps are inappropriate.

- We don't want "Advertisements" on work computers

 

We want stability, clean and lean OS that is quick and for work. The adoption of new "Features" should always be an individual companies decision, not Microsofts. All non-required features are just applications that bloat the OS and increase management.

 

We don't have the staff to deal with, 6monthly Feature updates, which technically are "inplace-upgrades" and all their consistencies.

I think the 3yr rotation was good, 2yrs of stability. Then the 3rd year was dev/test/implementation/tidy up for the next version, if it was stable. We skipped all of Windows 8.

 

Brass Contributor

I’d like to know how are we to keep up with these updates. By the time I’m done getting 1903 out, 1903 will be end of support and I’ll have to start rolling out whatever new build is current then.

 

What happened to 10 year long OS’s like XP and 7?  Now I have to upgrade the OS every 2 years just to keep security updates coming down the pipe?  We just did an internal NESSUS vulnerability scan and 18 machines on 1703 and earlier came up on the report for being end of life.  I’m almost done getting all the Windows 7 machines up to Windows 10, but even if these machines have a 5 year lifespan, the hardware will outlive the OS!  It used to be we bought a generation of computer preloaded with an OS (like Win 7) then 5 or 6 years later those computers would be refreshed with a newer model and a newer OS (like Win 10).  

If you want to do feature updates fine, but keep those security updates coming down the wire.  I can’t tell you how many 1607 builds we have that just will NOT update at all to 1803,1809 or 1903.  “Something went wrong” is not helpful.

Silver Contributor

Keith, it might help first updating to older build. Some PCs here were failing to upgrade from 1709 to 1809. Yeah, it was giving a confusing error that "some driver is incompatible". No exact name, error, nothing. Just a button to proceed anyway. If i proceed, it works ok after the update. But this requires manual intervention. Surprisingly this works, if you first update to 1803 and then to 1809. So for failing machines i'm using this approach.

 

Btw, we also have 15-20 1703 machines and it seems they are not going to be updated soon as application is not compatible with newer versions of Windows and there are also some political decisions to be made to move on. 1703 was released in 2017 and is expiring sooner than Windows 7. 1709 released in the same year had some drastic change breaking the application. I know that MS now has so many versions on their hands to support all of them for at least 5 years. But hey, there is the LTSC version to avoid this problems, no? /s

Brass Contributor

@kjstech

  

Hi Keith.  

Happy to help, I hear frustration in your feedback, but missing a lot of details that I might help with.

Some initial thoughts, feel free to engage with specifics if you would like help.

 

1) Once we work through your issues, I'm confident we will get you to were the vast majority of devices are today, installing updates and getting the security, end user functionality, and quality improvements that come with them.  There are literally millions of devices that do this every day, consumer, slam business and large enterprise.   You did not indicate with SKU you are using, but I'll assume pro is you are focused on the 18 month security servicing for each release. 

 

2) You forecast that it will take you more than 18 months to roll out 1903 to your organization, but no details on what is limiting that velocity.  I work with many enterprise customers ( other than Microsoft ) who  update 1000s  of devices weekly, some even more. What are the limits that you running into and effecting that velocity?

 

3) Just to make sure , though I think you know this,  for Pro SKU, we provide security updates for 18 months. So if you choose , you can update devices as slowly as <1 / year, and still stay security patch current, you do not have to update 2/year.  The customer trend I do see is that once you get process in place to update once every 12 months, then updating more frequently, if you choose is incremental. Most of the change management is completed in getting to update more frequent than every 3-4 years, ie once per year. 

 

4) Do you have specific issues that have prevented you from updating those devices on 1703? How do you manage updates? 

 

5) We have updated millions of older machines that started life on Windows 7 , and now are now extending their useful life with improved security and new functionality with Windows 10, and the Windows 10 feature updates.  Windows 10 will certainly outlive the HW, but while it does so, it is extending the life of that HW. 

 

6) 1607 devices that wont update.  

Tell me more?  Have you check free diskspace?  This is one of the most common sources of update failures, lacking free space to download and install the updates.   Do you have 3rd party encryption and security products that might be conflicting? Many then, fewer today still, required you to first uninstall, update the 3rd party tools before the update, though I would expect you would have worked through this with other devices that did update, so check disk space. Have you used the Setup Diag tool?

 

John

 

 

 

Brass Contributor

@wroot 

 

Hello my old friend.

 

Tell me more about the "drastic change" breaking your application. If this is the case, by all means, take advantage of our App Assure program, no cost to you, and we will correct or help re-mediate the issue for you. App compat , now with enterprise, LOB data included has been greater than 99%, we have had to make very few code changes/fixes,  but if we break something, we want to correct it. 

 

JOhn

 

 

 

Silver Contributor

I'm not sure if i can disclose such information (even the name in-house app). What i meant, that one might assume that going from March version to September one can expect it to be mostly compatible. This seems like 1909 might be such example. Although looking at Insider builds there are still a bunch of changes, not just small fixes.

Brass Contributor

 

I'll be very clear. you should expect it to be COMPLETELY compatible release to release, not just mostly, for those apps that are using public APIs.  If you have an app that is using undocumented calls, or other non-supported approaches,  no-promises. 

If its not, use App assure program so we can fix it for you and others.

 

It's often the little things that are annoying.  I don't have a large deployment but every release there is something that takes time to fix and track down.

 

1903 was https://accountants-community.intuit.com/articles/1860059-pdf-and-component-repair-tools-for-lacerte... I had to repair the pdf printer for a LOB app.

 

It's typically something relating to printing, one time it was an Outlook app that stopped working and I had to repair it.  At home I've lost my hdmi display to my Lenovo docking station (and this isn't a cheap laptop either).

  

If I had thousands of desktops this wouldn't scale.

 

I personally only do a feature release a year for this reason.

Copper Contributor

To be honest, I really do not see how you have such a big issue keeping up to date on Windows 10. First off, LTSC is a bad choice for close to every user in any case, to many potential pitfalls and limitations. It's an embedded/IoT solution.

 

Managing computers without management tools is not easy, but if your are serious you should also be serious managing your computers, making sure they are up to date and compliant. With an increasing degree of travel and out of office usage, as well as interaction with external systems and users, firewalls are not the most important point of security any more, the endpoint is. Not having absolute control of the endpoint can turn out more expensive than you might think.

 

I'm using a combination of SCCM and Intune managing endpoints, and as a single admin I manage thousands of devices, Windows, iOS and Android, in a more diverse, both geographically and methodically, environment than most other businesses. 

 

As for the 1806 issues, well, I did not experience any. Nor did I have any issues with any other release either. My impression is, most people did not have any issues, but a small percentage of close to a billion devices is still many systems and users. When the new release is out, I wait a few weeks before I update a small set of test computers in my office. I do some testing trying to provoke some errors, while also looking for people having issues online, trying to identify HW and SW setups common for our environment. I then deploy the update to a set of chosen early adopters/power users, yeah, they know they are guinea pigs, and let them run the new the update for a while. I then deploy for the entire organisation. All data is stored off device, and a full device rollback takes about one hour, should something go bad. So far I've had issues with one upgrade on one computer, out of several thousands. And, after redeploying the OS, every update since were ok.

In a perfect world we would have more people testing every computer type with every software before deploying the upgrades, but needless to say, this is not possible with just one person managing clients. At some point, something might go wrong, we all know this. But we have disaster recovery plans, and most users can do a OSD from their own desk getting the system operational within the hour.

We find that keeping the endpoints secure and compliant is more important in the long run.

 

@Andres Pae Nobody said do not use LTSC, and your example of static, automated systems, conducting the same tasks over and over, with little use of new features, doing nothing but these specific tasks, well this could be one of the use cases where LTSC is the best choice. Just think it through first.

Copper Contributor

Serpentbane, but that is the point. 

One of the main reasons why organizations chose LTSC in the first place is to NOT get the "new features" you were talking about. 
Microsoft made it very hard on Windows 10 to get rid of things the Organization does not want - things like setting file associations etc. needs a lot of workarounds to make it work because it is obvious Microsoft does not care about Admins anymore. 

This was much better on LTSB/C, as a lot of the stuff that people want gone (Store, UWP Apps, Edge, Cortana... and their file associations etc) were not there to begin with, so they didn't need to be disabled/hacked out/worked around, etc. 

Also, we deploy our devices for a four year cycle, and by using LTSC, we could just deploy these devices and keep them on one version for the entire Lifecycle - no changes, no stuff breaking. 

It is the little things that happen with the Windows 10 updates - defaults get changed, they add new icons to the task bar (I had a ton of support calls when the unwanted "Mail" App was auto-pinned to the taskbar with upgrades), the interface is changing constantly (looking at you, Windows Search) ... people do not want that. Neither do we want that as Admins. You might like the "new Features", I  just see "more crap I have to disable/remove". 

Also, people HATE when the upgrades arrive. They take a long time, happen when they want to shutdown/quickly reboot their machine and hinder then from going home (99% Laptops), and are a hassle. And I have trouble forcing my users to have a single reboot a month as it is (IT had to override Management on that one). 

Just remember that back on any other version of Windows, you only had to worry about deploying to a device once, have it auto-configured by whatever scripts you built, and only worry about the monthly updates.

 

Now, with every new Windows 10 version I have to verify that my scripts still work (PSA: often they get broken by changes from Microsoft), I have to verify my Drivers and Software all still work, figure out where Microsoft changed the presets set by users in the upgrade process, where they added unwanted "features" and GUI elements, update my GPOs ... Administering Windows 10 devices to a level that my Organization wants (not to a level that Microsoft deems "suitable") creates about five times as much work as Windows 7 or Windows XP did before. 

 

I know, a lot of people seem to like Edge, Cortana, etc.. but we don't. We don't want them, we don't need them. We do not need UWP, we do not need the Store, we do not need another Browser or Security Software. We just want Devices for our Lifecycle that behave consistently from one day to another, and GUI changes are not consistency. 

It was hard enough to figure out how to turn most of the annoyances on Windows 10 off, but to have to do it repeatedly every 6-12 months is just.. argh. 

 

Just as an anecdote, I had a script (why do I need a script for this) that unpinned Edge from the Task bar - as it was not a normal icon but some system functionality deeply hidden that put it there. In the end, it worked and the icon was gone - and it worked fine in 1809 or older. When we moved to 1903, it still worked that it unpinned the icon - but now users couldn't pin stuff to the taskbar anymore, as it was forgetting the pins after logout.  Why is simple stuff like that so hard... 

I am currently moving all our devices up to 1903, and when that is done, to 1909...and we expect to stay on that version as long as support runs out (30 Months)... and until then, hopefully Microsoft will have revised their update model, as they seem to begin to realize that 6 Months is way too often in corporate land. 

in an Ideal world, there would not be two, but three Tiers to Windows 10:

SAC, the same as before, 18-30 Months support.

LTSC: The same as before, 10 Years support.

LTS-Business: New Channel, no new feature updates, released every ~3-4 Years, with an equivalent support period of ~5 Years. Create one Year of overlap from one release to the next. 

 

Copper Contributor

Whenever I hear someone telling me they "do not see how you have such a big issue" with anything, I totally get it. They don't see it because they don't have to work in the environment we work. So they don't understand it, and naturally they don't see what the issue is.

Copper Contributor

Show me a Windows 10 Enterprise Semi-Annual Channel version that doesn't have an XBOX icon in the start menu after installing...  When that happens, maybe, just maybe, I'll believe Microsoft has a clue on what is required for the enterprise.

Copper Contributor

Yeah I can agree with that however the SAC version is based on the full edition.  The LTSC version does not have the Xbox app and again the IoT LTSC version is locked into a build and gets 10 years of support which is intended for OEM appliance manufactures and works great for them.  It would be cool if they  did create a combo of the two where you did have the benefits of SAC but with the commercial apps like Xbox and weather removed.  But not enough demand or a market space for that type of product.

Copper Contributor

Thanks for an excellent clarification of when to use LTSC and when to use SAC. I'm recommending an evaluation of LTSC for programs I'm the security manager over and I have a question that I hope the community would address. How is the backwards compatibility of LTSC? For example, if I'm using hardware from 2010 or earlier will 2019 support the hardware? 

Copper Contributor

Ha-ha-ha! If you are using hardware from 2010 you are in bigger trouble anyway! Regardless what the bad guys say, here is the only one truth: Windows 10 (any edition) only works on SSD drives! Period! Why? Well, because it was designed that way. For example to supply water you have to use copper or plastic pipes. They designed for that. You cannot use paper pipes - they will melt in seconds. Same here: if you still use HDD - your Windows 10 won't work well. It will work, but much worse than XP or Win 7.

 

Besides, please try to understand one thing: ALL editions of Windows 10 are the same. Difference? Missing features. And different versions. But they are the same. And all applications works regardless. This is the worse thing that 99% of the people in this world truly believe that Apps needs to be re-tested! Ha-ha-ha! Those are time wasters and tire kickers! Those are truly bad guys! Because this way they can justify their salaries by doing nothing!

 

Although the concept of choosing LTSE for large enterprises just got better: Microsoft released new Edge browser that works on ANY Windows including Windows 7, 8, 8.1, and of course 10. Including LTSE. So now you are not limited to lousy and slow IE11. You can enjoy new EDGE which is absolutely best browser in the world today!

 

And the rest? Who use Cortana? Nobody. Who needs Store? Well, at home - YES, but for Enterprise this is a huge EVIL. This is a first thing that any Enterprise would ban and prohibit - MS Store. Because this is a big Pandora box. I hope you know why (you said you are security guy?). Hope this can help...

Copper Contributor

"here is the only one truth: Windows 10 (any edition) only works on SSD drives! Period! Why? Well, because it was designed that way."

 

Interesting how we have many computers on campus all running Windows 10 (various editions) on regular hard drives, not SSD drives .

Copper Contributor

We have a mixed pool of laptops from 8yr to brand new. We don't have any problems running windows 10 on the older kit. Where I have needed drivers and there aren't any for Windows 10, I have installed them for older operating systems and these work well. As the older kit breaks, we scavenge any relevant components to fix the remaining laptops. A portion of our user base are very harsh on the laptops, so the older rugged machines handle this the best. When we have spare funds, we do put in a SSD but we haven't found it necessary.

 

I love the LTSC edition, its just so more stable.

Copper Contributor

Yeah I can agree with that however the SAC version is based on the full edition. The LTSC version does not have the Xbox app and again the IoT LTSC version is locked into a build and gets 10 years of support which is intended for OEM appliance manufactures and works great for them. It would be cool if they did create a combo of the two where you did have the benefits of SAC but with the commercial apps like Xbox and weather removed. But not enough demand or a market space for that type of product.

 

By default the LTSC edition doesn't have the xbox apps natively installed, however you can install them. There is a "MultiLang App Update" release, which you can download from your microsoft account. This ISO has most of the apps that were released with the 1809 non-LTSC edition. My users like Sticky Notes, Photos and couple of the other apps. I installed them from the App Update pack without any problems.

Brass Contributor

@CarterF 

 

Hi Carter

 

First to your question,  as a general rule, yes,  current version of Windows 10 work on older hardware. If you purchased a new machine in 2015,  the current version of Windows 10, if your using MS update service, has been updated to your machine, moving it forward.  That is the general principal, but as  in all of life, there are footnotes in small print at the bottom of the page.

 

1.  You mention devices as old as 2010 or older., but not the specifics.  There are driver support requirements that may be potential issues for you. That would be for Win10 regardless of LTSC or SAC, no difference there, We certainly updated 10's of millions of devices in 2015 and 2016 that were at the time 5-6 years old, so it was a common scenario, but again in general, its was the very old devices that had the higher rates if issues, not surprising. So its likely to install and run, but cant say for sure.  The OEM I'm pretty sure is no longer supporting it .

 

2.  Depending on how the device is being used, you will see perf impact.  A pre-2010 device is far from todays in terms of RAM/Proc speed and capability, storage speeds.  Depending on the applications/usage.  

 

3.  You did not give details on the use case , but sense you did call out your security manager,  I do want to call out and be clear for you and other readers,  The most secure option with Windows 10 will be SAC, and not LTSC. Both get security patches each month, but SAC editions get new security features and functionality, many targeting and or addressing the latest attack  strategies.  LTSC is often, incorrectly thought to be the choice for secure, locked down devices, and that really is a SAC build, where we continue to innovate and advance the security capabilities of Windows, every 6 months.  An LTSC devices will stay at the security baseline of its release for the life of the device, or until it get update to a new LTSC, or converted to a SAC edition.

 

JW

Silver Contributor

New versions do get new security features, but also new flaws. Latest SMBv3 vulnerability was only on 1903/1909 versions. What gives..

Copper Contributor

New versions not only get new security features, but also new features in general. Rather large updates could also present new vulnerabilities, this is to be expected.

 

Copper Contributor

Hi John,

 

Where I work (A housing association with around 150 staff and a small IT team) I'm still in the middle of rolling out Windows 10 in a VMware VDI environment. Ever since initially looking into rolling out W10 years ago I have ached so much to be able to just use the LTSC release and get on with it.

 

You say that the LTSC is intended for environments where use cases and requirements don't change over time. My response to this is that empiraclly speaking, we simply don't use any "features" of the OS itself to drive our organisation forward. Our business needs are met by software vendors developing applications that we simply install on our base image or run via web-apps, not by the OS itself. Our security needs are catered for in our infrastructure itself and again by third party solutions. I'd also wager that this is what a majority of businesses need, nothing more than a simple platform on which they can build to their own requirements, not Microsoft's.

 

I welcome additional features in the name of security but there appears to be no allowing here for IT admins to make their choices and not have to feel like they're being punished for it.

 

I've fought too much against changing behaviours in Windows 10 releases where I need to find new services to disable for performance reasons or where something I did in a Group Policy for one release is undone by another. I've got file associations being reset anytime a user moves to a new VM that are an absolute pain to manage. UWP replacements for stock Windows apps are no longer simple to manage because they're "provisioned" on a per-user basis rather than just being "installed". I can't get "Photos" for crying out loud to open an image for any user without staring at a blank window for 10-15 seconds. The classic image viewer? Perfect... but also gone now (without resorting to registry hackery). I could go on and on and on. It constantly feels like a battle with Windows 10 and I'm exhausted with it!

 

What we'd love is to be able to use LTSC as our base image, install exactly what we need and just get on. SAC goes completely against this.

 

Brass Contributor

Hello @M_Lye 

Thanks for engaging, I always appreciate the chance to engage.

 

You say you "don't use any OS features"?.   Pretty sure this is not actually true, let me explain, and I'll put aside for now the end user innovations and improvements that have been added, that you your users may be missing out on.

 

1) Are all your PCs the same age, or have your purchased new HW over time? When you do replace, add HW, do you try to acquire the best performance for price at the time its acquired?  If so, your taking advantage to the Windows 10 Silicon policy, where new HW is first enabled on the  current version of Windows 10, and would not be supported for example on the 1607 LTSC release.

 

2) Do you want/need smaller and  less user intrusive monthly patching?  Those are features that have been and are improved with each Windows 10 update.  Not only are the packet sizes now 80%+ smaller with improved express,  we have improved AI to figure our working hours to install when users are not user their machines, or enable you to manage that for them so that you can stay in compliance with your security, patch requirements, and users can remain productive. You see similar improvements on the Feature update process, where they are both smaller, but off-line time disruption has been reduced from nearly 1 1/2 hours to 20 mins mean time.

 

3) The combination of staying current with firmware, drivers and OS provides the best security, experience and reliability at any given time. That is the stack that is currently the focus of development and testing by your vendors of choice, ( silicon, oem and os ). Do you stay current with firmware updates and drivers? 

 

4) The security innovation and capabilities continue to improve and move forward with each release. From things like Windows Info protection to Application Guard, you have much richer tools and better capabilities to address your security needs, again while focusing on user productivity.  

 

 

But all that side.  the choice is still yours you can still have (1) , not  use any of the security improvements, enable the new end-user functionality.  You can choose to use LTSC.  While I explained above what it was designed for, customer still choose with version they choose to purchase and use.  

 

And if you are experiencing a situation where you set a configuration/GP and we over ride it with an update, tell us, tell me, and we will fix it. Certainly we did that a lot in the first 3-4 releases, but that was a big focus  through 1709 to respect  and persist. If and when it happens today, we want to know it and fix it.

 

Thanks again , and let me know how I can help, with what ever version of Windows 10 you choose to run.

 

John

 

 

 

 

Copper Contributor

I'm the only one managing clients in my organization, and we have thousands of clients with different needs and users. And I see no point what so ever going LTSC. First off, we have not experienced a single issue with updates for as long as I can remember. And, who are we to say what our users need? I have never told anyone about the my phone feature, yet I discovered many of our users were all over it. And, W10 is getting better, why stick with the old? From a management point of view, many mgmt features require the latest versions. You don't need to prevent W10 from evolving, you need to evolve yourself. No, GPO's are not the future, and if you miss them you are only scared of changes and improvements. 

Copper Contributor

Just coming back to this after almost a month of 95% of our staff (IT included) working from home during the CoVid-19 outbreak. We're about a year into a gradual roll-out of MS365 technologies (done Exchange and AAD) and we've accelerated the roll-out of Teams, OneDrive, etc. and despite a few frustrations, things are actually working remarkably well - we're particularly starting to feel the love for Teams.

 

Why am I writing this? Simply because it's clear the desktop OS is becoming less and less relevant - most of our users are just working in the cloud on whatever they have at home. We have a few legacy apps (finance, why is it always finance!?) where people are VPNing in to their (LTSC) desktops but apart from that, as long as their system has a modern web browser, the OS underneath is irrelevant. I can even work effectively on my Chromebook, although my Macbook or Win10LTSC laptop is preferable, mainly because Teams is best in the app and the app is best in Windows and then MacOS.

 

So perhaps instead of adding more and more features to Windows 10 and poo-pooing people who are using LTSC, MS should be thinking about a lightweight, easy to service, image of Windows aimed at users who spend most of their time in the web browser not the desktop OS. 

 

By the way - big kudos to the Edge team - from hating the original version I'm really liking the new Chromium-based Edge, 'Profiles' are invaluable.

Copper Contributor

AJC219

So, you say the OS is irrelevant, all is web, Chrome book is great, and then go on to say the experience is best on desktop, Windows then Mac.

 

Truth is, the OS does matter. The OS is the thing tieing the experiences together. Chrome OS was supposed to be a web OS, because all you need is web. But it's not. Because, web alone is not enough. 

 

And if you do feel it is, the feel free to use web only. But if you need the OS, then use the propper and intended OS. The LTSC was made with a particular user case in mind, and that is not user computers.

 

Why are everyone so eager to get all the new OS updates on every piece of HW if the OS don't matter? How long would Windows be a thing if Windows did not evolve?

 

Sure, for some LTSC is a must have, for most its not. If your users don't need the OS, give them thin terminals. If they need the OS, give them the best experience. That is not LTSC.

 

As I see it, it is my job to give them this with as little hassle as possible. Sitting back with my feet on the desk running LTSC is not what's best for my users. 

Copper Contributor

This is a good write-up and I will link to it when people ask why I prefer using LTSC over Pro or standard Enterprise versions. I prefer LTSC because it does not change substantially over time and precisely because of all of the things that are missing from it (Edge, Microsoft Store, Cortana, OneNote, and other modern apps). 

Copper Contributor

Howdy, I am developer in a corporate environment. I have been happily running LTSC on my laptop since Nov 2019 w/o any problems!

 

I use Office 2016 (word, outlook, powerpoint visio, etc), Visual Studio 2019, MS Teams, Zoom, chrome, firefox, Dragon Naturally Speaking, Logitech 920 Webcam, MaxTo, Total Commander, VMware Workstation, Perl, Python, Cygwin, and ConEmu. I have a modern laptop with discrete Nvidia GPU driving 3 4K-monitors.

 

No problems at all. I have not been hindered in anyway by LTSC. Therefore, I cannot confirm any limitations so stated in the parent article. I am very grateful that my orgnization is legally allowed to license LTSC 2019.

Copper Contributor

@Rich2325 it is vastly superior to other versions and all of the more recent versions have been plagued with varying degrees of problems. LTSC is what normal Windows 10 should be. It is extremely unfortunate that it is not readily available to all consumers as an alternative to the bloated and unstable versions they are expected to tolerate.

Copper Contributor

I wanted to try LTSC just to see if it would be more usable for me than "2004"/20H2. So I installed it into my Mac Pro Bootcamp partition in early summer this year. I am kind of dismayed by the lack of updates for what to me, appears to be a superior version of Windows 10. One without the "Windows Store", if I want to run it that way. Actually, I found a script that added the store back in, so I can use most of my paid store apps. But no "Cortana", I think the update for Cortana in 2004 was excellent, much more friendly.  In my situation, I use Windows to drive workstations for Audio and Video editing, so I don't want a lot of excess junk gobbling up resources. Because I need every byte of memory available and I need to keep my system drive lean, as sometimes I am limited to 500GB partitions.

 

I still have LTSC installed, but it has not updated to much newer than 17663.1554. At some point, I may want to officially get this build, it is so much better for me. My question is, how exactly do I do that? And, are there any major updates coming down the pipe, I had read that one was coming in Fall 2020. I can't remember the source for that though.

Copper Contributor

The whole purpose of LTSC is so it doesn't update to new feature packs and removes store and other stuff you wouldn't want in the image.
If you don't want updates in your build, turn them off

Version history
Last update:
‎Jul 15 2019 09:56 AM
Updated by: