Development of Windows 10 is a continuous process—while previous versions of Windows received service packs or point releases that served primarily as rollups of Windows Update security patches, Windows 10 receives feature updates on an approximately six month cadence. These updates bring significant user-facing changes, as well as changes to enterprise features.
Windows 10 version 1903 (also called 19H1) was made available to the Release Preview ring of the Windows Insider Program on April 8, 2019, and was added to the MSDN download catalog on April 18, 2019. Microsoft announced general availability for consumers, and commenced rollouts via Windows Update, on May 21, 2019.
For those wishing to get an early look at the new version, check out TechRepublic's guide to getting Windows 10 version 1903 early, likewise, those wishing to defer an upgrade should check out the guide to delaying installation of Windows 10 version 1903.
Windows 10 Pro For Workstations Vs Windows Server 2019
TechRepublic's overview of the May 2019 update to Windows 10 is a 'living guide' that will be updated as new articles about the update are published across TechRepublic, ZDNet, and CNET. For more on Windows 10 generally, also check out TechRepublic's cheat sheet for Windows 10.
SEE: Windows 10 May 2019 Update: 10 notable new features (free PDF) (TechRepublic)
What to know before and after installing the Windows 10 May 2019 Update![]() Unplug and remove your external drives and memory cardsWindows Server 2019 Essentials Vs Standard
Users receiving notices that 'This PC can't be upgraded to Windows 10' when attempting to install the update should remove external drives and memory cards, as they can block systems from installing the update. The update process can cause drives—including internal drives—to be assigned different drive letters after installation.
You'll need more free space to install the May 2019 update
Microsoft has increased free disk space requirements for new PCs shipping with Windows 10 1903 to 32 GB, an increase from the 16 GB needed for 32-bit versions and 20 GB for the 64-bit versions. While Microsoft claims that these are only requirements for new computers, Windows Update does not check to see if sufficient free space exists before starting the update—leading to updates failing to install, with opaque error codes such as 0x80070070.
For new computers shipping with Windows 10 1903, Microsoft is also introducing 'reserved storage,' allocating 7GB of the disk to ensure that future updates can be installed smoothly.
Check your privacy settings after installation
Previous updates to Windows 10 reset privacy settings to the defaults, which share a relatively high amount of usage and analytics data with Microsoft. Though Microsoft has attempted to be more transparent with privacy settings, the spontaneous reset of privacy settings can be an unwelcome surprise. Be sure to change your privacy settings in Windows 10 after updating.
The update brings more robust protections for Spectre and Meltdown
Microsoft is bringing Google's retpoline patches to Windows 10, which should finally bring robust and performant patches for the Spectre and Meltdown vulnerabilities. Microsoft's previous attempts at patching these vulnerabilities have been plagued with issues, as patches caused random reboots, blue screens, and inadvertently made it easier to exploit the vulnerabilities.
Forcing periodic password changes may become a thing of the past
Microsoft is questioning the wisdom of using Group Policy to enforce password expiration. The company is seeking public comment on the practice, arguing that the practice is outdated and ineffective. As TechRepublic's Lance Whitney put it, 'if you have evidence that [your] password had been stolen, you would change it immediately rather than wait for some predefined expiration date,' while Microsoft colorfully noted that 'if your users are the kind who are willing to answer surveys in the parking lot that exchange a candy bar for their passwords, no password expiration policy will help you.'
New features coming to the Windows 10 May 2019 UpdateStreamlining Start, Search, Accounts, and Sign-In
For new accounts, Windows 10 reduces the number of icons and groups applications into folders more than in previous versions, and makes them easier to remove. Likewise, there are now less hoops to jump through to uninstall built-in applications.
SEE: Windows 10 May 2019 Update: The new features that matter most (ZDNet)
Search is now less cluttered, with filter icons at the top, the five most frequently used apps in the center, and recent documents and browsed pages at the bottom. Cortana has been separated from Search, now allowing people to remove the Cortana button from the taskbar.
The Sign-In options panel in Account Settings has also been streamlined, with an option to use a personal security (FIDO2) key added.
DPI Awareness includes better support for Hi-DPI apps & displays
As notebook computers increasingly use Hi-DPI displays, apps may not perform as expected when connecting external displays. Since Windows 10 Version 1803, Microsoft offers to fix apps without having to log out of Windows, so this fix is now applied automatically, unless the features is manually deactivated. It's also possible to view and sort apps by DPI awareness in the Task Manager, as a column for that attribute has been added.
Other visual enhancements, including a 'Light Mode' to complement the darker theme that shipped with Windows 10, were also added.
You can safely access Linux filesystem data inside File Explorer
Users of Windows Subsystem for Linux (WSL) will be able to access, move, and copy data stored inside WSL instances using File Explorer, making it easier for developers using WSL to manage files in those environments without relying solely on the command line, or third-party kludges that can lead to data loss or corruption.
Application sandboxing allows for safe app test driving
On Windows 10 Pro and Enterprise, Windows Sandbox adds a containerized environment for running untrusted executables. The sandbox is destroyed after the app is closed. This feature relies on hardware virtualization extensions (Intel VT-x, and equivalents) present on modern hardware, though this may require manually enabling these extensions in the system BIOS. Rick and morty brain parasites video. Likewise, the Windows Sandbox feature itself must be enabled using the Windows Features dialog in the Control Panel.
Windows Defender System Guard brings advanced security features
The Windows Defender System Guard container, formerly called Virtualization-Based Security or Virtual Secure Mode, isolates the Windows kernel to shield against cases where it may be compromised. Using Hyper-V, secure 'memory enclaves' are used to isolate signed code executed at a higher virtual trust level, preventing malware from editing firmware and boot components of Windows.
Likewise, Windows Defender Application Guard is a security mode for Microsoft Edge, which allows users to visit untrusted websites without worrying about malicious code on those websites gathering system information or downloading malware onto the computer. An extension exists for Chrome and Firefox that loads untrusted websites in the guarded Edge instance. It is unclear if or when this feature will support the new Chromium-based Edge, still under development.
Windows Admin Center modernizes Windows Server, Azure instances, and workstations
Improvements to Microsoft's Windows Admin Center (WAC), following its introduction one year ago, allows system administrators to manage Windows Server 2019 instances, as well as Azure-hosted services, and traditional workstation deployments of Windows 10. The web-based WAC is particularly helpful for managing hybrid cloud deployments, as it unifies multiple services into one dashboard.
PowerShell access, naturally, is still available for users who prefer the command line. For users of Storage Migration Service or System Insights, WAC is the only GUI available. While not all functionality has been ported over from the classic Remote Server Administration Tools (RSAT), reliance on older tooling is only necessary in specific circumstances. TechRepublic's Simon Bisson notes that 'Microsoft is gently nudging admins and other users away from their old admin tooling,' adding that 'it won't be too long before it's your only option if you want to get the most from your Windows Server installs.'
PowerToys coming back to Windows after decade-long absence
Microsoft is reviving releases of PowerToys—free desktop enhancements for power users provided by the Windows development team, but not supported by Microsoft, or officially part of Windows. PowerToys first appeared with Windows 95, though were discontinued with the release of Windows Vista. Starting with Windows 10, PowerToys will be open source, and available on GitHub.
Features not coming to the Windows 10 May 2019 Update
With the Windows Insider early-access program, Windows development now happens far more out in the open than was the case with prior versions, leading to public-facing experiments that may not be adopted in final releases.
Plans for 'Windows Sets' app data grouping abandoned
Sets, a Windows management feature that allows users to group app data, websites, and other information in tabs, appears to be abandoned in the update, according to ZDNet's Mary Jo Foley, who noted that significant engineering work would be required of the Edge and Office teams to implement the feature, which was not well received in public testing with Windows Insiders. Users who want a feature like Sets can turn to the Stardock 'Groupy' application, which provides similar functionality.
Microsoft Weekly Newsletter
Be your company's Microsoft insider with the help of these Windows and Office tutorials and our experts' analyses of Microsoft's enterprise products. Delivered Mondays and Wednesdays
Sign up today Sign up today
Also see
Microsoft is pleased to announce the final release of the security configuration baseline settings for Windows 10 October 2018 Update (a.k.a., version 1809, “Redstone 5” or “RS5”), and for Windows Server 2019.
Download the content from the Microsoft Security Compliance Toolkit (click Download and select Windows 10 Version 1809 and Windows Server 2019 Security Baseline.zip).
The downloadable attachment to this blog post includes importable GPOs, a PowerShell script for applying the GPOs to local policy, custom ADMX files for Group Policy settings, documentation in spreadsheet form and as a set of Policy Analyzer files. In this release, we have changed the documentation layout in a few ways:
Highlights of the differences from past baselines, which are listed in BaselineDiffs-to-v1809-RS5-FINAL.xlsx:
We received and have been evaluating recommendations for more extensive changes to the baselines that we are continuing to evaluate for future releases.
We have replaced the collection of .cmd batch files for applying the baselines to local policy with a single PowerShell script that takes one of these five command-line switches to indicate which baseline you want to apply:
A couple of important notes about using the BaselineLocalInstall.ps1 script:
Windows 10 v1809 has greatly expanded its manageability using Mobile Device Management (MDM). The Intune team is preparing documentation about the Microsoft Windows MDM security baseline and how to use Intune to implement the baseline, and will publish it very soon. We will post information to this blog when that happens.
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |