Patch Lady – 1809 and mapped drives

Topic

New Reply

For those of you in a domain, who have Windows 10 pro versions, please make sure that you  have put in place feature update deferrals to ensure you do
[See the full post at: Patch Lady – 1809 and mapped drives]

Susan Bradley Patch Lady/Prudent patcher

5 users thanked author for this post.

PhotM, geekdom, lurks about, abbodi86, Mr. Natural

Reply | Quote

Replies

What an unbelievable mess. 1809 remains “declined” in WSUS and I don’t foresee ever approving it. Thanks Susan!

Red Ruffnsore

Reply | Quote

Thanks Susan.

As a Windows 7 home user, but not viewing things just from that perspective, I am increasingly interested to see whether we are at or approaching a stage with Windows 10 and the mess that occurs increasingly with each version where the team here will be starting to consider advising prospective users not to upgrade to Windows 10, and existing users with the ability to roll back to either Windows 7 or 8.1 to give serious consideration to doing so.

I’ve yet to see any suggestion that Windows 10 offers anyone sufficiently substantial advances over its predecessors to outweigh the problems that are being increasingly experienced with it, although I appreciate that where large companies have made a wholesale switch in the OS it’s a very different matter to consider reversing that process as compared with home or small business users. Nonetheless, it’s a valid question as to how long such companies should be expected to put up with this situation before giving serious consideration to the alternatives.

4 users thanked author for this post.

David F, lurks about, flackcatcher, wdburt1

Reply | Quote

FWIW, we’ve been using the “Replace” GPO for ages for other reasons, so… kinda “unaffected”, but… sheeesh, who’s testing this stuff, and why are they messing with something that’s been working for *ages* and needs absolutely no changes.

Reply | Quote

Mapped drive explanation:
https://en.wikipedia.org/wiki/Drive_mapping

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

1 user thanked author for this post.

Barry

Reply | Quote

We discovered this issue almost immediately when we started testing 1809. Several of our line of business applications, not the least of which is the primary accounting system in one of our divisions, still rely on mapped drives. That Microsoft did not consider this to be a MAJOR problem says volumes about their testing and, even more, about their current attitude towards SMB customers.

A different, very specialized accounting system we run in an older division was installed in 1996 on a SCO Unix system. Today this same software is still running, now installed on a CentOS 7.5 system. It continues to do the job it was designed for, even if it is used in terminal emulators in Windows, and hasn’t been replaced simply because it still reliably serves the function is was designed for. It is a supreme example of “if it ain’t broke, don’t fix it”.

It’s getting close to time to start looking at Windows 10 LTSB or searching for viable alternatives to Windows.

2 users thanked author for this post.

flackcatcher, BobbyB

Reply | Quote

Susan Bradley wrote:

And note that you can set a deferral for longer than the platform is supported on the Pro version.

You can’t. Deferral is for a maximum of one year from date of version release to set channel and support is 18 months from date of version first release.

Susan Bradley wrote:

For example Windows 10 pro only gets an 18 month window of support for security updates until you have to upgrade to the next feature release. So you could put in place a 365 day deferral and then end up where your version (Windows 10 1703 for example) fell out of support last month.

A one year deferral of 1703 would have expired no later than 7/11/2018, months before end of support.

Susan Bradley wrote:

Microsoft does not code the feature deferral process with Pro in mind, they have Enterprise and Education skus in their vision when they code the deferral process.

Makes no difference. The start dates are the same.

Susan Bradley wrote:

So be aware if you do choose a deferral period of 365 days, and you have Pro version, you WILL be deferring yourself into an unsupported condition and will need to either change the deferral to 0, or manually install the next feature release to get yourself to where you will receive security updates again.

No, you won’t.

“Second, regardless of which channel a device is assigned to, you can defer the delivery of feature updates by up to 365 days from the official release date for the selected channel.”
Windows 10 October 2018 Update: How to get it, how to avoid it (by Ed Bott, ZDNet)

Reply | Quote

You made a number of objections to what Susan Bradley wrote, but she is correct on all points, as far as I can tell.

I have 365 day deferral and am still on 1703.  The deferral is with respect to when the next release feature updates are first offered.    In that case, it would be 365 days from when 1709 came out, since those are the feature updates I am deferring, and they were first offered in October 2017.  Those feature updates, which were first offered in October 2017, will be deferred for 365 days from the date that they were first offered, which brings us approximately to October 2018 as the last period when the ability to defer an update to 1709 would expire.

Remember the deferral is with respect to when the NEW feature updates were offered, not from when you last installed a feature update.  Meaning, if I am on 1703, the deferral is from the official release date when 1709 (the next release after 1703) was first offered, not from when 1703 was installed.  Likewise, if I were to update to 1803 now, I could defer 1809 for another full year from the official release date when 1809 was first offered, and would not be forced to update until autumn of 2019.

Since the new feature releases are six months apart, a 365 day deferral gives you 18 months total.  I have no idea where you got a date of 7/11/2018, unless you are using a European date convention, and mean 7th November 2018, which would be in the right ballpark for when the next patch Tuesday after the deferral for 1703 ends.  However, your post makes it seem like you meant July 11, which would be incorrect.

I am still on 1703, and I have not yet been offered an update to a new release yet, due to my deferral.  I updated the last security update for 1703 for October after the go-ahead was given by Woody (via Defcon) and Susan (via patch list).

Support ended for 1703 in early October, so I am now no longer under support, just as Susan Bradley said would happen.

I expect that when I go to update for November, I will have to make a choice whether to go to 1709 or 1803, just as Susan Bradley said.  I am not likely to even consider 1809.  You need to re-read what she wrote.

3 users thanked author for this post.

satrow, AlexEiffel, anita.yk

Reply | Quote

You’re right that I misunderstood the example given. But it also depends which branch you’ve selected, the default Semi-Annual Channel (Targeted) or the broad/delayed Semi-Annual Channel, which wasn’t mentioned. If your 1703 was on the default branch then your 365-day deferral of the next update would have expired almost exactly at the 18 months end-of-life, and you should have got 1709 by now. If you opt for the broad/delayed release, then you get less than 18 months support on each version.

2 users thanked author for this post.

Elly, AlexEiffel

Reply | Quote

That’s pretty obvious that no sane person would use the “Targeted” option, given the possiblity to do that (after paying out significantly more for the Pro version). That’s what MS suggests anyway.

Fractal Design Pop Air * Thermaltake Toughpower GF3 750W * ASUS TUF GAMING B560M-PLUS * Intel Core i9-11900K * 4 x 8 GB G.Skill Aegis DDR4 3600 MHz CL16 * ASRock RX 6800 XT Phantom Gaming 16GB OC * XPG GAMMIX S70 BLADE 1TB * SanDisk Ultra 3D 1TB * Samsung EVO 840 250GB * DVD RW Lite-ON iHAS 124 * Windows 10 Pro 22H2 64-bit Insider * Windows 11 Pro Beta Insider

Reply | Quote

I don’t believe MS has suggested that.

1 user thanked author for this post.

Elly

Reply | Quote

“if you are a Home version, ensure you upgrade to Pro so you can defer feature upgrades.”

What happened to “free” Windows 10″?

Reply | Quote

Updates on the day of release are free.

Reply | Quote

Nothing in life is for free.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

And at the risk of sounding like a broken record, if you are a Home version, ensure you upgrade to Pro so you can defer feature upgrades.

Surly you must be joking. Microsoft is a sinking ship and they aren’t getting one more thin dime from me until they demonstrate they are competent enough to build and test reliable software.

2 users thanked author for this post.

Elly, mindwarp

Reply | Quote

No, I’m not.  If you are running Home, I urge you to bite the bullet and upgrade.  Otherwise I cringe at not being able to defer feature updates.

Susan Bradley Patch Lady/Prudent patcher

3 users thanked author for this post.

satrow, Chris B, anita.yk

Reply | Quote

I use mapped drives, as well as UNC paths,  in my home setup which includes 2 Windows  PCs running Win7 home premium 64 bit. As I have commented elsewhere, I really ought to be replacing these two machines, because their hardware is getting too old, but will not because I do not want to be hostage to all the problems of Windows 10 updating.

Ultimately I will be forced to replace them, and with that will perforce come Windows 10. Yes – I will upgrade to Pro. However, the sole feature in Pro that I need is the ability to defer updates, just to avoid Microsoft’s awful quality control, and for that I will have to pay an additional £200 (as anonymous has commented below).

I feel price gouged. And with that comes a deep desire not to buy anything I don’t have to from Microsoft. And very very disappointed with the behaviour of a market leader.

Chris
Win 10 Pro x64 Group A

Reply | Quote

Thankfully, for now, for Home users who have a clue and are tech savvy, workarounds to block upgrades still exist, as noted elsewhere here.  Unfortunately, there is no guarantee that those will continue to work, but for the very extremely rare cases nowadays where I do need to have my PC on and online, I’ll use them and not give MS the money.  I’ve pretty much already moved on anyway, which is sad, since originally I was planning on paying MS to upgrade to Pro on two computers at home when they were originally upgraded to 10 right before the free upgrade period officially ended.  However, MS lost those sales, and basically those active computers since we use our tablets more instead.

Reply | Quote

My old mantra with software – stay on the current version’s latest security updates until there are two feature updates available. Then upgrade the older feature update… Microsoft has removed this ability…

If only I could hold off until Windows 11 comes out to adopt Windows 10.

Reply | Quote

Bizarre, not testing if drive mapping works is sheer stupidity. I would wager must companies used mapped drives and have software the requires the mapping to be configured. This has been since the DOS days so we are not talking about something that is new. Continued blundering will be the end MS as these problems start to seep out to versions higher on the food chain.

Reply | Quote

lurks about wrote:

Bizarre, not testing if drive mapping works is sheer stupidity.

Not bizarre when you understand that most of Insiders are 16-year olds excited by the dark theme in Explorer, not people that would actually use W10 for business.

Fractal Design Pop Air * Thermaltake Toughpower GF3 750W * ASUS TUF GAMING B560M-PLUS * Intel Core i9-11900K * 4 x 8 GB G.Skill Aegis DDR4 3600 MHz CL16 * ASRock RX 6800 XT Phantom Gaming 16GB OC * XPG GAMMIX S70 BLADE 1TB * SanDisk Ultra 3D 1TB * Samsung EVO 840 250GB * DVD RW Lite-ON iHAS 124 * Windows 10 Pro 22H2 64-bit Insider * Windows 11 Pro Beta Insider

Reply | Quote

I can understand a 16 yr old fanboy not catching this but this should have been caught internally by MS. But I forgot Nadella does not believe testing and testers are needed. So we are dealing with whatever the fanbois catch and MS will even listen to them.

Reply | Quote

UNC paths and browser only may be the wave of the future, but to many small and medium businesses with older workforces (like mine) a mapped drive is the typical way that many firms still have their network set up.

Errr… I’ve had to use workarounds since long before Windows 10 came out. I have a start up task, had to set the registry value EnableLinkedConnections and RestoreConnection all that time and the mapped drives still come up with red X’s. it’s not until I run the batch script I created from my user context that the drives red X will disappear, even though I can still access them if I click on them with the red X.

Mapped drives are easy for everyone to understand. The only downsides for us is the limitation of drive letters, and the need for netbios over tcp. I’m getting a lot of pressure from my VPN provider to use UNC paths as they blame the mapped drives for performance issues on the VPN

Is the gist of this issue that mapped drives just don’t work at all on 1809? As in totally broken?

Reply | Quote

Susan is absolutely correct that the update controls Pro offers are practically necessary, but giving Microsoft another $100 (!) for the Pro upgrade in order to regain functionality Microsoft has taken away is tantamount to the beaten dog licking the hand of its master.  I will not give them another cent. I will never purchase another Microsoft product unless and until they restore the power the user used to have (control over updates, honest telemetry opt-outs, ability to actually turn the constant spying off, issuing honest press releases, and so on) at a very minimum.

I just got done wiping a Win10 1709 installation and reinstalling Windows 8.1 with Classic Shell. I am going to run 8.1 “Group B” until it stops getting patched or I find adequate Linux replacements for the software I use. Their narrow window to possibly regain me as a customer ends the moment Linux gets installed. I have had my fill of this nonsense.

The instructions on this site were very helpful to me during my Windows 8.1 reinstallation. Thanks also to Microfix for pointing me to some very useful articles here.

1 user thanked author for this post.

radosuaf

Reply | Quote

MS charges $199 for the Pro license, but they are cheaper from third-party vendors; and even a Windows 7/8.1 Pro license works. So, upgrading to Pro isn’t that expensive.

Reply | Quote

You are fortunate (in this regard) to live in the US. Here  in the UK, I have not been able to find a valid Pro upgrade licence for less than about £100 per PC, and I am not sure that Win 7/8.1 pro licences are still available here.

Chris
Win 10 Pro x64 Group A

Reply | Quote

Oh, and BTW… UNC paths are absolutely NOT “the wave of the future” until MS fixes their ridiculous and completely broken “security” features, so that they don’t scream about untrusted location whenever you e.g. try to launch an application from desktop shortcut redirected to a “wave of the future” DFS share. Talking about this in case you’ve never seen the stupidity in action:
– https://social.technet.microsoft.com/Forums/ie/en-US/341f542d-1527-47f6-9964-7b8aadc79d0d/quotopen-file-security-warningquot-on-domainbased-dfs-namespacehosted-shares?forum=winserverfiles
– https://liquidwarelabs.zendesk.com/hc/en-us/articles/210628983-Launching-applications-or-shortcuts-from-a-redirected-folder-requires-security-verification

Reply | Quote

@anonymous – UNC security has been broken since IE7, it detects the UNC path as an internet location and applies internet zone restrictions to it. The workaround is to go to Internet Options > Security, choose “Local intranet” and choose the Sites button. Deselect the “automatically detect” option and enable the three below it. It bugs me that the detection never worked and has never been fixed.

Reply | Quote

Hi Susan, What is best practice in terms of selecting feature update deferrals?

Should I choose “Semi-Annual Channel (Targeted)” or “Semi-Annual Channel”

And what number of days would you suggest?

Reply | Quote

Sorry I forgot to mention in the original post, I have the Pro version of windows 10.

Reply | Quote

There is a MS article on this. In general:

a/ Semi-Annual (NOT Targeted)

b/ feature deferral 120 days

c/ security deferral 7 – 14 days

Fractal Design Pop Air * Thermaltake Toughpower GF3 750W * ASUS TUF GAMING B560M-PLUS * Intel Core i9-11900K * 4 x 8 GB G.Skill Aegis DDR4 3600 MHz CL16 * ASRock RX 6800 XT Phantom Gaming 16GB OC * XPG GAMMIX S70 BLADE 1TB * SanDisk Ultra 3D 1TB * Samsung EVO 840 250GB * DVD RW Lite-ON iHAS 124 * Windows 10 Pro 22H2 64-bit Insider * Windows 11 Pro Beta Insider

Reply | Quote

The MS table at Build deployment rings for Windows 10 updates just gives examples for organizations, not recommendations for anyone.

1 user thanked author for this post.

Elly

Reply | Quote

Hence, I wrote “in general”. I wouldn’t consider myself less cautious than an organisation should be.

Fractal Design Pop Air * Thermaltake Toughpower GF3 750W * ASUS TUF GAMING B560M-PLUS * Intel Core i9-11900K * 4 x 8 GB G.Skill Aegis DDR4 3600 MHz CL16 * ASRock RX 6800 XT Phantom Gaming 16GB OC * XPG GAMMIX S70 BLADE 1TB * SanDisk Ultra 3D 1TB * Samsung EVO 840 250GB * DVD RW Lite-ON iHAS 124 * Windows 10 Pro 22H2 64-bit Insider * Windows 11 Pro Beta Insider

Reply | Quote

Thanks for sharing the link.

Would the critical deployment ring reference in the article:
a/ Semi-Annual (NOT Targeted)
b/ feature deferral 180 days
c/ security deferral 30 days
Be suitable for use with the Pro version of Windows 10? i.e. is there any chance it could lead to “deferring yourself into an unsupported condition”, as mentioned in the original article?

Reply | Quote

No. Deferral for 180 days is more or less 9 – 10 months from being publicly available and the period of support is 18 months.

Fractal Design Pop Air * Thermaltake Toughpower GF3 750W * ASUS TUF GAMING B560M-PLUS * Intel Core i9-11900K * 4 x 8 GB G.Skill Aegis DDR4 3600 MHz CL16 * ASRock RX 6800 XT Phantom Gaming 16GB OC * XPG GAMMIX S70 BLADE 1TB * SanDisk Ultra 3D 1TB * Samsung EVO 840 250GB * DVD RW Lite-ON iHAS 124 * Windows 10 Pro 22H2 64-bit Insider * Windows 11 Pro Beta Insider

Reply | Quote

Trying to understand the original problem here. Reading KB4471218, it looks like mapped drives work, they are just “unavailable” after logoff and logon? The PowerShell script re-connects unavailable mapped drives:
Get-SmbMapping |where -property Status -Value Unavailable

That does sound like a fixable bug as opposed to a intentional “feature.” It’s just disturbing that persistence of mapped drives after logging off and on is not part of their testing.

Edit to remove HTML

Reply | Quote

There are two mistakes in the previously written comments and by Susan.

The first is that you need the Pro edition of Windows 10 to defer bug fixes. Here is an article showing registry updates to the Home Edition that switch branch channels and defer service packs/feature updates for 365 days

https://www.ghacks.net/2018/09/27/how-to-delay-feature-updates-in-windows-10/

In addition, there is the option of Metered network connections, but I would not count on it as I have seen it set as OFF when running as a standard user well after an Admin user on the same PC set the metering to ON. No idea what to make of that.

The other mistake is that Windows 10 costs money. If you are willing to do a clean install, you can install Windows 10 from an ISO and not activate it. You get 99% of the functionality when it is not activated. I first read about this at How-To Geek, but I don’t have the link. It was not a recent article. Even the Pro version of Windows 10 can be had for free.

 

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

Reply | Quote

For my custom image I have developed using Windows 10 Pro (1809) using the media creation tool.  I have enabled the SMB 1.0 feature within Windows to allow connections to older file servers and  also use the following ‘REG ADD’ to completely disable UAC.  Using the slider within the Control panel doesn’t seem to work.  Manually disabling within the registry and then rebooting allows my login scripts to run and map drives as necessary.

As usual, modifying the registry can potentially ruin your OS  so please do so at your own risk.  Backups…etc…

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d “0” /f

Reply | Quote