AppleCare OS Support at Duke

Did you know that Duke University has an AppleCare OS Support Select Agreement? We do! In addition to handling requests related to Apple OS, IOS and other products, Apple will work though this agreement to resolve issues related to Apple deployments managed via our Jamf Pro instance as well. A brief overview of the program details as well as the methods for getting tickets submitted can be found at the Duke Endpoints wiki.

Posted in Uncategorized | Comments Off on AppleCare OS Support at Duke

To LTSB or not to LTSB? It depends…

Effective use of Windows 10 Enterprise LTSB will depend on your specific needs and the needs of your users.

With the release of Windows 10 in 2015, Microsoft introduced a new sub-edition of Windows 10 Enterprise called “Long Term Servicing Branch” or “LTSB”. Each release of Windows 10 Enterprise LTSB will remain relatively unchanged–receiving only security updates and bug fixes, but no feature updates–through a 10-year lifespan.

To date, Microsoft has delivered two releases of Windows 10 Enterprise LTSB (2015 and 2016) with the next expected in 2019. While, according to Microsoft, LTSB was “designed for special-purpose PCs such as those used in point-of-sale systems or controlling factory or medical equipment”, some in IT have deployed it to common end-user computers, citing the benefit of having no Windows Store apps (which includes Microsoft Edge and Cortana) and no semi-annual feature updates to deal with.

However, recent articles and an updated Microsoft FAQ point out that, as released versions of Windows 10 Enterprise LTSB will not receive newer features, they will also not be supported on newer computer processors (such as Intel’s eighth-generation “Kaby Lake Refresh” architecture, released in August, 2017) . This introduces a potential down-side to deploying LTSB, but it’s not a new concept, as both Windows 7 and Windows 8.1, both still fully supported by Microsoft on older hardware, are only partially supported on Intel’s sixth-generation “Skylake” processors and are not supported on the seventh-generation “Kaby Lake” processors.

So, should we be deploying Windows 10 Enterprise LTSB here at Duke? That’s a question each group will have to answer for themselves. There are no security reasons to not deploy LTSB. There are no system management reasons to not deploy LTSB. There are only functionality and hardware requirements to be considered, and those requirements will be different from department to department and, in some cases, from user to user.

You should not deploy Windows 10 Enterprise 2016 LTSB if…

  • …the user requires Windows Store apps (which includes Microsoft Edge and Cortana).
  • …the user requires core Windows 10 functionality that’s been introduced since the latest LTSB release (Windows Subsystem for Linux, for example).
  • …the user has a new computer running on an Intel eighth-generation “Kaby Lake Refresh” or newer processor.
  • …your environment requires that all computers be running the exact same operating system.

You might want to consider deploying Windows 10 Enterprise 2016 LTSB if…

  • …none of the previously stated requirements apply to your users or your environment.
  • …you would like to completely opt out of Microsoft’s “Windows as a service” twice-per-year feature upgrade cycle.
  • …you would like to opt out of the optional Windows Store software pre-loaded onto other Windows 10 editions.
  • …you can support having multiple editions of Windows 10 in production on newer hardware.

With Windows 10 Enterprise 2016 LTSB, Microsoft provides a more stable and business-like environment, but at the expense of cutting-edge functionality and compatibility. Whether or not LTSB is right for you and your users is for you to decide. For some (like the author), the benefits outweigh the cost.

Posted in Uncategorized | Comments Off on To LTSB or not to LTSB? It depends…

Special Note Regarding Self-Managed Endpoint Clients And Duke Health Devices

If you are part of the School of MedicineSchool of Nursing, or are connected to the Duke Health System Network, you will need to install the BigFix client that communicates with the Health System instance of BigFix, not the Self-Managed Endpoint Client installers available through the OIT Software Licensing website.  You can find the proper installers on the Duke Health Intranet BigFix page.  Windows, Macintosh, and Linux clients are available along with instructions.

Posted in Uncategorized | Comments Off on Special Note Regarding Self-Managed Endpoint Clients And Duke Health Devices