Posted by: kurtsh | June 14, 2018

INFO: Should you use Windows 10 Long Term Servicing Channel for desktop deployment? Probably not, but you decide.

Still considering using Windows 10 Long Term Servicing Channel (LTSC) for desktop deployment? Think real hard.

The LTSC servicing option is designed for device types and scenarios where the key attribute is for features or functionality to never change.
It is an edition of Windows 10 that is specifically designed for special purpose devices such as embedded systems. To be clear, it is not designed for end user desktops. Examples of the intended target system for LTSC include systems that power manufacturing or medical equipment or embedded systems in kiosks such as ATMs or airport ticketing systems. (LTSC is also the same build as Windows IoT Enterprise, the next generation of Windows Embedded.)

The reason LTSC exists is that specialized systems—such as PCs that control medical equipment, point-of-sale systems, and ATMs—often require a longer servicing option because of their purpose. These devices typically perform a single important task and don’t need feature updates as frequently as other devices in the organization. It’s more important that these devices be kept as stable and secure as possible than up to date with user interface changes. The LTSC servicing model prevents Windows 10 Enterprise LTSC devices from receiving the usual feature updates and provides only quality updates to ensure that device security stays up to date.

To be clear, the Long-Term Servicing Channel is not intended for deployment on most or all the PCs in an organization; it should be used only for special-purpose devices. As a general guideline, a PC with Microsoft Office installed is a general-purpose device, typically used by an information worker, and therefore it is better suited for the Semi-Annual servicing channel.
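One way to audit a fleet against this guideline, as an added example that is not from the original post or from Microsoft: it flags LTSC/LTSB installs that also have Microsoft Office present. The function names are hypothetical, the `EditionID` values matched are the LTSB/LTSC ones known to the editor, and "Office installed" is approximated by an uninstall entry whose `DisplayName` starts with "Microsoft Office".

```powershell
# Added example: classify a device by edition and Office presence.
function Test-LtscPlacement {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string]$EditionId,
        [string[]]$InstalledPrograms = @()
    )
    # Assumption: LTSB/LTSC SKUs report EnterpriseS, EnterpriseSN or IoTEnterpriseS.
    $isLtsc = $EditionId -match '^(IoT)?EnterpriseSN?$'
    # Assumption: Office shows up as an uninstall entry named "Microsoft Office ...".
    $office = @($InstalledPrograms | Where-Object { $_ -match '^Microsoft Office\b' })

    if (-not $isLtsc) { $finding = 'NotLtsc' }
    elseif ($office.Count -gt 0) { $finding = 'LtscOnGeneralPurposeDevice' }
    else { $finding = 'LtscSpecialPurposeCandidate' }

    [pscustomobject]@{
        ComputerName = $ComputerName
        EditionId    = $EditionId
        OfficeFound  = ($office -join '; ')
        Finding      = $finding
    }
}

# Collect the same two inputs from the local registry and classify this machine.
function Get-LocalLtscPlacement {
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $names = @(Get-ItemProperty $uninstall -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } | ForEach-Object { $_.DisplayName })
    Test-LtscPlacement -ComputerName $env:COMPUTERNAME -EditionId $cv.EditionID `
        -InstalledPrograms $names
}

# Constructed sample inventory records (not real devices).
$sample = @(
    @{ ComputerName = 'KIOSK-01'; EditionId = 'EnterpriseS'
       InstalledPrograms = @('Vendor Kiosk Shell') },
    @{ ComputerName = 'DESK-17'; EditionId = 'EnterpriseS'
       InstalledPrograms = @('Microsoft Office Professional Plus 2016') },
    @{ ComputerName = 'DESK-22'; EditionId = 'Enterprise'
       InstalledPrograms = @('Microsoft Office 365 ProPlus - en-us') }
)
foreach ($r in $sample) { Test-LtscPlacement @r }
```

Devices reported as `LtscOnGeneralPurposeDevice` are the ones the guideline says belong on the Semi-Annual Channel; `Get-LocalLtscPlacement` applies the same check to the machine it runs on.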

Here’s a list of considerations regarding the use of LTSC:
(Thank you to former Microsoft Southwest Windows Technology Specialist, Prasad Naik, for providing much of this background!)

  1. No realization of Windows 10’s evolving value.
    Windows 10’s value in the semi-annual channel increases with every evolutionary release. Today’s 1803 release is a very different operating system from 1507 with added functionality that improves the end user experience, provides business value or mitigates risk. For example, RS3/1709 received a variety of invaluable endpoint security advancements including:

    1. Application Guard
    2. Exploit Guard
    3. Improved ransomware protection including Controlled folder access protections & Smart application whitelisting
  2. Lack of support for new/old CPU architectures between releases.
    LTSC is designed specifically to the silicon available at the time of release & is architected for close alignment with that particular hardware. It will not receive new chipset support for hardware architectures (such as Intel’s Coffee Lake, Cannon Lake, and beyond) until subsequent full releases of LTSC. Users of LTSC are locked in to one non-evolving hardware standard, even as newer PC models displace an organization’s current standard. Because hardware vendors generally cease producing PCs with older architectures after a certain time, companies may need to either warehouse/stock a certain number of their standard PCs to ensure they have them into the future, or negotiate long term purchasing agreements. Organizations using LTSC on desktops will generally also need to maintain multiple versions of LTSC for the hardware platforms they own.
  3. Risk of not getting OS functional fixes for an improving experience.
    LTSC-based PCs are in some ways rolled out in “Extended support” from day 1 of deployment. While LTSC will receive security patches, it will not necessarily receive fixes associated with functionality. Features & functionality will be fixed regularly with the Semi-Annual Channel releases providing dramatically improved performance, security, stability and productivity. LTSC users will not necessarily get those fixes until the next release of LTSC.
  4. Lack of common application support/compatibility such as Office 365 Pro Plus
    LTSC is not the same Windows 10 as semi-annual channel and lacks certain OS components that desktop applications, particularly legacy applications, can rely on. For example, common applications that do not work on Windows 10 LTSC include: Office 365 Pro Plus & Visual Studio
  5. Loss of support for available Windows 10 security features
    The following security features do not exist on the LTSC 2016 release of Windows 10:

    1. Memory protection features
      1. Control Flow Guard (CFG) – a highly-optimized platform security feature that was created to combat memory corruption vulnerabilities
      2. Data Execution Prevention (DEP)
      3. Structured Exception Handling Overwrite Protection (SEHOP)
    2. Address Space Layout Randomization (ASLR)
    3. Hardening against recent zero-day exploits
      1. Win32k elevation of privilege
      2. Open type font elevation of privilege
    4. Windows Hello for Business on-premises
  6. No support for Windows Analytics
    The capabilities of Windows Analytics to collect and present information to IT around Upgrade Readiness, Update Compliance, and Device Health across all enterprise PCs are not available to LTSC machines.

Gartner’s Recommendation
If you’d like to see what analysts say about the matter, here’s a research report that you can view online where Gartner discusses the impact and recommendations for use of LTSC:
