This week, Microsoft revealed the next step in its overly-aggressive campaign to convince users of earlier Windows versions to upgrade to Windows 10: It will enable the “Get Windows 10” app on managed small business PCs.
This is yet another major escalation in Microsoft’s drive to get to 1 billion active Windows 10 devices within 2-3 years of the initial release. (Last week, the software giant revealed the next major milestone in this push: There are now over 200 million active Windows 10 devices.) But it’s momentous for another reason. This is the first time that Microsoft has forced “Get Windows 10” on domain-joined PCs.
To date, only consumers have seen “Get Windows 10” on their Windows 7 and 8.1 PCs. And while Microsoft touts “the incredible response” to this campaign, that cuts both ways: Many users are irate about Microsoft’s overly-aggressive upgrade advertising, and the software giant has come under fire for surreptitiously pre-downloading the Windows 10 upgrade bits—which weigh in at a massive 3-4 GB depending on the version—and in some cases silently triggering the actual upgrade.
But now, “Get Windows 10” is coming to managed PCs. Which is to say, PCs that are connected to Active Directory-based domains.
“Small businesses and organizations will soon be able to receive notifications about the upgrade and then directly upgrade to Windows 10 through an easy-to-use interface right from the system tray on their Windows 7 Pro or Windows 8.1 Pro PC,” a Microsoft blog post explains.
To be clear, not all domain-joined PCs will see this insidious violation of trust. Instead, this push is aimed only at small businesses (SMBs), which in Microsoft terms means PCs that meet the following criteria:
- Windows Pro only. As is always the case, only PCs that are properly licensed for and running Windows 7 with Service Pack 1 (SP1) or Windows 8.1 with Update 1 (Windows 8.1.1) will see “Get Windows 10”. But because these are domain-joined PCs, they need to be Windows 7 Professional or Windows 8.1 Pro.
- Windows Update-based updating. That is, the PCs are configured to receive updates directly from Windows Update using back-end services such as Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM).
- Active Directory members. The PC must be “managed,” meaning they are members of an Active Directory (AD) domain. AD is Microsoft’s directory services infrastructure aimed at businesses of all sizes.
So. What keeps “Get Windows 10” from appearing on enterprise PCs, as well as those in many mid-sized businesses? According to Microsoft, it’s the first two of the qualifiers above. That is, enterprises that use Windows Enterprise on the client and/or manage their environments with on-premise tools (which can still include WSUS or SCCM) will not see “Get Windows 10.” Here’s how Microsoft words this:
“The ‘Get Windows 10’ app will not be introduced to PCs in large corporations who run Enterprise edition or who prefer to manage their own updates with onsite tools (including WSUS or System Center Configuration Manager.)”
And Microsoft is of course providing a way to prevent “Get Windows 10” from appearing on managed PCs, and this will work regardless of your business size. That is, even those in SMBs can prevent “Get Windows 10” from ever appearing. (I wish Microsoft would offer this functionality to individuals, for whatever that’s worth.)
Administrators who wish to prevent “Get Windows 10” from getting its insidious hooks into their PCs can use the guidance in KB3080351and block updates via Group Policy.
For the record, I deplore the tactics Microsoft is using to force Windows 10 on users. Advertising the upgrade is one thing, but users should be able to turn off notifications for set periods of time or for perpetuity, and Windows 10 Setup should never silently download in the background “just in case.” Unlike Microsoft’s non-existent privacy issues with Windows 10, this is a serious problem. And forcing the upgrade down SMBs customers’s throats only exacerbates the problem.