blog_windows10au_sysadminIf you’re a well-informed system administrator, you have already heard about many of the new features the Anniversary Update brought to Windows 10. We’ve highlighted 10 of them which you can actually use for your sysadmin job, and you won’t find these in mainstream media reports.

It’s hard to believe that it has been a year since Microsoft released Windows 10 to General Availability, probably because most of us have been running an early release or CTP version of 10 for a lot longer. But with the one-year anniversary, two things have happened. The free upgrades have come to an end, and the anniversary release, known as Redstone 1, is out and coming to a PC or a tablet near you.

Marked as build 1607, or more specifically as Version 10.0.14393, RS1 includes several new features to make Windows 10 even better for end users and the enterprise. Here are ten of the newest features included in RS1 for you to consider when looking at whether to upgrade or not.

It’s easier to deploy

A lot of the work that went into RS1 was focused on making it easier for admins to deploy. Here’s what you can look forward to on the deployment front.

Windows Imaging and Configuration Designer (ICD)

The ICD can be installed within RS1 as a standalone component, though you could install it in the original release by deploying additional components from the Assessment and Deployment Kit. The ICD includes workflows to automate packages for

  • Basic provisioning of domain-joined machines
  • Advanced provisioning, including the ability to deploy applications, certificates, et al.
  • Classroom/lab provisioning scenarios

You can find out more about Windows 10 provisioning using the ICD at

Upgrade analytics

Using Windows Telemetry, you can now gather detailed information about your Windows 10 deployments to identify trends, compatibility issues, hardware shortcomings, etc. Using upgrade analytics, you can easily identify your pilot and production users for your upgrade to Windows 10 RS1, as well as to identify those machines that would have application issues or other problems. You can read more about this at

It’s easier to manage

Centrally managing your desktops, whether through Group Policy or gold builds, is critical to ensuring a uniform experience across shared computers, and to make it easier for the helpdesk to deal with end users. RS1 includes some great new features to make this easier for admins to do.

Taskbar configuration

Admins can now manage the taskbar, pinning or unpinning apps, setting specific apps in a particular order, and more. This will prove very useful for kiosk or shared computers, as well as customizing the corporate build. See how at

Shared PC mode

And speaking of shared computers, RS1 has an actual shared PC mode, designed for kiosk, hoteling, customer access, and other scenarios where multiple users must use the same PC. See how to set this up and all the setting focused on making a shared PC easier to use and manage at

User Experience Virtualization (UE-V)

Especially useful in scenarios like shared PCs, hoteling space, and non-persistent virtual desktops, UE-V helps users to keep their customizations, without all the baggage of a roaming user profile. If you have users who could benefit from this, see for more on how to set up UE-V.

Remote Desktop to AAD joined machines

BYOD continues to grow, and many companies are letting users work from home on their personal computers, or having contractors and external consultants use their own computers rather than issuing them a domain-joined corporate device. There are a lot of features in Microsoft’s Azure Active Directory that can help admins to secure and manage systems that cannot be domain-joined, and in RS1 the ability to remote into these AAD joined machines makes it easier to provide remote support.

MDM with CSP

Adding on to this, remote Windows 10 machines can be managed with new mobile device management, including configuration service providers. You can now sideload apps, configure VPN profiles, and more. See for more on what is new in RS1.

It’s more secure

Of course, nothing is more important than security, and RS1 brings new security features as well.

Isolated User Mode

Credential Guard and Device Guard can take advantage of Isolated User Mode, which is now included in Hyper-V, and no longer requires an additional install.

Windows Hello for Business

Adding to the very popular Windows Hello, Passport and Hello have merged into a single product, making it easier to deploy and manage. Enhancing this, Group Policy can now be used to manage Hello in both User and Computer configurations, making it easier for admin to support more scenarios. See for more.

Windows Defender and Advanced Threat Protection

Bringing even stronger anti-malware solutions to RS1, Windows Defender has a number of new capabilities. There is an offline mode that can be used without having to boot from external media, PowerShell cmdlets to assist with automated scripting, a “Block at First Site” to help protect against near zero-day attacks and more.

Add in Advanced Threat Protection for even more protection, which includes

  • Endpoint sensors within Windows 10
  • Analytics that leverage a number of big-data sources, including Office 365, Bing, SmartScreen, and more
  • Threat intelligence that leverages both Microsoft and partner ecosystems to quickly identify and block new attacks

You can read more about this at

For enterprises still on Windows 7 or 8.1, these are ten very good reasons to go ahead and start your migration to Windows 10. For those of you already on Windows 10 at home, check for updates now, as you may already have Windows 10 RS1 available for your devices. And if you’re running Windows 10 at work, get started with the upgrade analytics now so you can get RS1 out to your users with as little effort as possible.

If you’re looking for additional help (or motivation) for the migration process, Microsoft has created a comprehensive guide for Windows 10 deployment, which you can find here.

Get your free 30-day GFI LanGuard trial

Get immediate results. Identify where you’re vulnerable with your first scan on your first day of a 30-day trial. Take the necessary steps to fix all issues.