Windows 10 Migration Tips, Tricks, and Strategies
May 23, 2018
Chris Burbank | Solutions Architect | Ivanti
Hannah Curtis | Director, Release and Program | Ivanti
Randy Barger | Principal Architect | Ivanti
Windows 10 presents IT with a vast array of new challenges, and delivering a seamless migration is daunting. Additionally, Microsoft’s new release cadence, with frequent large updates, will force IT into a constant state of migration and endless rounds of critical decisions, overtaxing IT resources and IT teams’ ability to keep up. In this webinar, Ivanti consultants will share their best practices (and tricks) to reduce Windows 10 complexity, ease migration challenges, and migrate users with minimal interruption.
You’ll also learn:
- How to ensure a transparent user migration to Windows 10 with no loss of local user file or profile data
- How to manage and roam between hybrid Windows 7, 8, and 10 physical/virtual environments
- How to centrally manage and track migration progress
Jon: We're live from Ivanti. We're gonna talk about a whole range of things today related to Windows 10 migration. Let's start by introducing everyone you're gonna hear from. So I'm the guy, bottom-right there, I'm Jon Rolls. I look after some of the product lines here at Ivanti, in particular looking after the user workplace products that play a big part in Windows 10 migration.
The main two gentlemen you're gonna hear from are Chris Burbank and Randy Barger. Those are two consultants, and pretty much all they do all day is work with customers in the field, helping with projects like Windows 10, and other, you know, Windows desktop transformation projects. I'm also joined by Ollie Sills and Hannah Curtis who are gonna help moderate and keep an eye on the Q&A in the chat. So if you have questions, please do either raise your hand or type [inaudible 00:00:47] in the chat box. Erika is also available, she's coordinating the webinar. So let's get started.
And I'll just give you a quick view on the introduction and sort of the agenda, then we'll do some introductions. So we're gonna start with an overview of the landscape that we're talking about with Windows 10. I'm gonna talk as little as possible, which is hard for me. I wanted you to hear from our consultants and dive into some of the challenges they see with Windows 10. We'll talk about the way that we engage a Windows 10 project, and our experiences particularly around how we establish a baseline, we manage the user settings, users' file data, how we handle application control and privileges, some of the challenges, and just some overall advice based on the projects that we worked in over the years.
So let's get started. The goal of Windows 10 migration should always be as follows, as you can see here. We want to minimize user disruption, and we want to automate and centralize. If you're doing, running an IT department, or a user network of any size, the last thing you wanna do is have to hands-on work with every user for every migration. Just rolling out Windows 10 [inaudible 00:02:02] design that makes no sense. And so, our approach here is about how do you do this en masse? How do you do it at scale? And how do you do it in a way that's repeatable? Because Windows 10 is not just one and done, you don't just get to version 1703 and then you're done, you're on Windows 10. It's a constant cycle of upgrades, you have to constantly plan to move to the next version.
And so we're gonna talk about all that, but how do you do it in a way that the user gets the maximum experience they can with the least amount of disruption? How do you do it in such a way that it can be repeated and you have not to visit every user and the number of helpdesk tickets is low? And how do you make sure that you do it with a minimal risk of losing anything the user needs to be productive?
So let's get started. And let's hear from Chris and Randy. Thanks for joining us gentlemen, hopefully, the audio is gonna work. Are you there?
Chris: Hi, Jon.
Jon: Hi there. Great, good to hear from you. And I know right now both of you are out at...on customer sites, or customer locations, working on migration, so we appreciate you taking some time to share your expertise with our audience. So let's start with Randy. Can you just give us a little bit of your experience, and obviously we're gonna to anonymize all of the customer names here, we can't talk about those. But just give us a bit of a flavor of some of the clients that you work with and what drives those are migration projects, please.
Randy: Absolutely. So, we've got a very wide range of customers we've been helping, from government and military, to finance, to healthcare, a lot of large, very large customers, and mid-sized customers, even if you view smaller customers, as well, that we've been helping to address the challenges. But, when you get into the enterprise environments and you really have to be able to scale your deployments and scale your migrations in such a way that you can really tackle a lot of machines and a lot of users at the same time.
So, there's a lot of challenges with Windows 10 specifically. You know, we'll get into some of the specifics as far the structure of the operating system from Start Menu to sort of the fast-changing pace of changes with the releases of Windows 10. So, there's a lot of different challenges around that.
Jon: Yeah, I totally agree. Chris, what are your thoughts and what kind of customers have you been working with?
Chris: Yeah, I've gone across many, many verticals with customers, you know, everything from healthcare to law firms, schools, things of that nature, very large and very small. I'm currently working with a client that's a little over 7,000 endpoints, so that's, like you were mentioning earlier, you're not gonna be able to walk out to every single endpoint, and handle every user's settings, and their data, and everything individually. You have to find ways to automate all those, just to make things a lot easier.
Jon: Yeah, absolutely. That's great background. Well, let's get into describing our approach to a Windows 10 migration and the steps that you need to get from, often, Windows 7, not always, but typically Windows 7 to Windows 10. So, let's talk about baselining the environment. And Chris, why don't you talk about some of the tools and the techniques we use to do that, please?
Chris: Luckily from the consulting side, a lot of times our shelf engineers, when they've gone in and, you know, demoed our products to people, they've already gone through and done a lot of that leg work for us. Sometimes they have, sometimes they haven't, it kind of depends, right? But a lot of what you're looking for is figuring out, okay, what types of applications are in this environment? You know, are there things that are needing administrative rights? And that's why, you know, admins have had to go out and give users administrative access on machines that they normally shouldn't have. How much data do users have? Things like that.
And also baseline, what does your logon times look like today? You know, what is your security footprint today? What is your shutdown times, etc. That way, you have a nice baseline to know what you're shooting for so you can make improvements and secure the environment as you go.
Jon: Yeah, absolutely. I put up just a couple of hints here because these are a couple of products that we use within Ivanti in those engagements. You know, we have a product called Insight, which, and analyzes all kinds of things often in that kind of sales, engineer capacity. Another product called File Director which does a lot of discovery, such as Splunk report there.
Randy, how about you? What does your typical engagement begin with?
Randy: Oh, that's absolutely right. You know, we look at reports from Insight, we look at reports from Splunk that we can direct some information to. And we also have, with File Director, we have basically the ability to put everything kind of in the admin mode, or, you know, in other products we might call it an audit mode where it's really not actually synchronizing anything yet. It's out there, it's on the machine, but now we can kind of see what that synchronization would look like and what kind of data we're gonna get, how much data we're gonna get, and really be able to kind of analyze that before we start hitting the LAN link with all this data that we're gonna be doing.
File migration is definitely a really big part of a lot of Windows 10 migrations, so we see a lot of challenges with people that still have a lot of data on their machines, so in the documents, download folders. Instead of using folder redirection, how do businesses really take that approach and migrate that information off of that machine and make sure that it comes back?
I've had a lot of customers that have looked at, you know, manual processes for doing that, and, you know, you figure it's about a two-hour process to really get all of the data off a machine, and then replace that data with a new machine when it comes down. So, definitely able to automate that process a lot and save a lot of man hours in that.
Jon: Absolutely. Let's dive into each of those areas you covered there in turn. I'm gonna do a little intro for each area. The users' personal settings we talked about a lot, it's surprising how important those are to a kind of a good experience. Here's Jon's very simple graphic of what a migration looks like on, you know, these are two desktops. And it might actually be the same desktop. It might be that in the migration from Windows 7 to Windows 10, you're actually doing it either with a hardware replacement or in-place on the same hardware. It doesn't really matter, the challenge is pretty much the same, is how do you capture that?
We're going to actually cheat a little bit. We're going to kind of assume that you've got the operating system out there using either a product like Ivanti Endpoint Manager, which was formerly known as LDMS or LANDESK Management Suite, as many will know. Or, maybe you're using Microsoft SCCM, maybe you're ordering new hardware. We're gonna skip over the details of actually how you deploy the OS. What we're gonna talk about more is how you move the user experience and engage that.
We're also gonna skip over talking about the applications. We'll help you discover what applications you've got, but the process of actually installing them, again, comes down to more of a platform product like, again, like Endpoint Manager or SCCM, or something like that. So, we're gonna skip over those bits.
We're gonna talk about the other layers here. So, the user settings are the things that, you know, really make the applications and make the Windows desktop personal. There are just the little, some of the things that you're gonna want to capture and move, regional settings, printers, certificates for the user authenticating to, I don't know, whatever, Wi-Fi or applications credentials. You can read the rest, custom dictionaries, everything that you use to be productive. So you're used to having this kind of vanilla desktop. And the question is, how do you move those? How do you make sure that we seamlessly capture those and move it in a way that's fault-tolerant and seamless to the user?
And so, I'm going to ask Randy to dive in and talk about it a little more and explain how we typically use Environment Manager in one of these engagements.
Randy: Absolutely. So, one of the first things we really wanna do is find out which settings we're interested in. You know, a typical roaming profile scenario really does not work very well. I mean, you go after everything in App Data, sometimes a whole bunch of stuff of media and the local App Data does not work very well. Just a lot of those things will not cross over, cross to a different operating system. So, we really go through and try to analyze, what are the applications? What are the settings? What are the things that are really important, you know, Outlook signatures, mail profile, Adobe settings, Office settings? These are the things that we want to identify.
And then, then we do basically a two-step approach. We can put our Environment Manager agents on the existing machine, which allows us to start collecting all those settings in our personalization database. Once you've got those settings collected, you've got everything in there, the user can really roam to any other machine at that point. So whether it's the same machine that's been rebuilt or upgraded, or whether it's a completely different machine, or even if it's a VDI or XenApp type of environment, those settings will follow that user.
And what's really nice about that is, we can also collect operating system settings, but there are some things that are very specific to Windows 7, some things for Windows 8, some things for Windows 10. So those settings that don't work for Windows 10 when you move to that environment, those settings don't come over, they're Windows 7 only, and we can condition those things to only apply to certain environments.
Jon: Yeah, absolutely. That's the power of being able to do this out for the roaming profiles. Chris, do you want to add your perspective?
Chris: Absolutely. With all the migration that I've done, the biggest thing from an end user perspective that they seem to care about is their application settings themselves. Some of the operating system settings they're gonna care about, I mean, things like, you know Susie's secretary wants the picture of her kids that she has for her wallpaper still set as her wallpaper. But overall, it usually comes down to the application. So they want, you know, their Outlook signature to still be there, and they want their Word preferences and all of that stuff, IE favorites, things of that nature. That way, that's really what makes that machine unique to that person, is all of those individual application settings.
Jon: Yeah, absolutely. So, let's talk about other things on each of those endpoints. Now we've got local file and folder data. And as much as we'd all love to think that users store these things centrally and back them up, we probably know that's not true. So back to my simplistic diagram, the final piece of the puzzle here is user files that are stored locally. And again, let's talk about, and we're starting with you, Chris, how we can pick those up and synchronize them into the new desktop.
Chris: Absolutely. So, I mean there's a lot of options on ways to do that. I mean, there's Microsoft Roaming Profile, there's several ways of doing it. The easiest way that we've gone to do that is by using our product called File Director. And what that really does is you have the ability to go in and set specific folders to automatically synchronize to your back-end file search. You can use your existing storage you have today, or like the graphic shows, we have a connector that you can utilize that space. You know, if you're using OneDrive for Business, you know, Office 365, you can utilize that space for the users' home drives.
You would hope in those scenarios that everything's gonna be inside their profile. So it's gonna be in their my documents or their desktop or pictures or whatever, and you can continuously have those files you know syncing up and down to every endpoint as they roam around. So now when you give them a new machine, that's where it's at. For files that are outside of that, there's ways we can, you know, utilize some custom action, things like that, as part of the migration to move files into a location that makes more sense to sync them around per user and then just manage them from there. And that way, it's one and done. Once you've got that set up as part of this migration, now you can migrate to anything, new machines with break-fix, or another operating system upgrade, whatever, and all the users' data and all their files come right along with them, as well.
Jon: Yeah, I think [inaudible 00:14:32]. Randy, go ahead [inaudible 00:14:34].
Randy: Yeah, you know, the roaming user files, roaming their data is actually very critical. I mean, we see customers all the time that still have data on the endpoints. And, you know, they have to try to figure out ways to get that data to their mobile device or get access to that data from a VDI or a XenApp session. And then, you know, something happens to the machines, that data, most likely that machine wasn't backed up, that data could be lost. By using a product like this, what you can basically do is ensure that all those files are stored centrally, in a central location that's backed up. Whether that's OneDrive, whether that's your file storage and in-house. But then that data is just synchronized to every endpoint that user touches. Whether it's a laptop, a mobile device, any device they have access to.
And the other thing that's really nice about this is it's seamless to the user. Once that agent is installed, they don't know that they're using File Director, they just go into their my documents folder, they go to the downloads folder, they go in the desktop folder, wherever they normally go. And File Director can seamlessly integrate with those folders and synchronize those folders, so they don't have to go into a special OneDrive folder or, you know, google Google Drive folder or some other special folder, they can put it right where they're used to putting it.
Jon: Yeah, and I love, discussing this with a customer just last week. The other thing is, it doesn't really matter where you are in the world, whether you've got a VPN connection or you're on a local network, or whether you're just a guy on the Internet or a girl on the Internet. It doesn't matter what your connection is, it's all synchronized through Secure HTTP, back to home base. And then whether you're using on-prem storage or OneDrive, File Director, actually it's that synchronization point. So it's ideal where you've got a very distributed workforce, and you're not 100% sure if they're even going to connect it to your LAN most of the time.
So let's get into another topic now. Application control and user privilege. This is a kind of more of security-focused area, but, again, as both Randy and Chris have alluded to earlier, you need to consider that at the start of the project. What level of user privilege are you going to require on these desktops as you go to Windows 10? And how do you identify which applications will need that?
Just a very quick reminder, this is a key discipline as you look at security. There's various government guidelines, there's one we particularly like that talks about the top four things you have to do to lock down and protect, prevent Windows intrusion threats. Whitelisting and privilege control being, you know, two of those, and again, privilege is something we deal with a lot. So whether it's, you know system, components, I mean, if you lock your system down and take away admin privilege, in some systems, the user can no longer do things like even change their own clock or their own time zone.
Even if you allow that or you're on a version of Windows where that's been allowed, then certain applications will require elevation or applications installs, you might want to elevate those. Again, things like installing Safari will pop up the User Account Control screen, and you may or may not want to allow that. Again, it's a helpdesk ticket you don't need. So, by way of introduction, I'm just trying to give a little background to what application control means, what privilege really means.
So, let's start with you, Chris. What do you think the role of application control and privilege management is in a Windows 10 migration?
Chris: Yeah, absolutely. So, the best part about introducing something like application control as part of your migration is you're already changing the user experience there, already getting a completely new interface, completely new. It might be the same machine, it might be a different machine, but overall, the whole look and feel of what they're doing is going to change moving to Windows 10. So, it's a great time to be able to look at the security posture of your network and say, "Okay, well, we've got all of these users that we gave administrative rights because, you know, XYZ application needs admin rights to write a log file," or whatever it happens to be. It's generally something that simple on why applications need administrative rights. They're doing something very simplistic that shouldn't need it, but it's just the way the application is written.
Using our application control technology, we can actually break that down to a per-application basis or individual components within Windows like Jon alluded to, and just give administrative rights to the individual items that need it instead of giving it to the user on the entire session. That way, you can lock down the environment, you can make sure that people can't just do what...you know, things that they shouldn't be doing on those endpoints because they have administrative rights. So you can increase your security posture right along with your upgrade.
Jon: Yeah, absolutely. Randy, anything to add there?
Randy: Well, Chris is absolutely right. I mean, it's the perfect opportunity, we get a lot of customers to say, "You know what, we had to do X, Y, and Z to make this work in our old environment. We wanna do it the right way this time. So, let's build this the right way, let's build this in a secure fashion, start from the ground up, users' experiences are already gonna to be changed. So we're gonna be coaching the users and telling them how to use this new operating system anyway. What a perfect opportunity."
And the other thing about application control in addition to the user privileges is it's whitelisting approach. We basically have a whitelisting feature here along with trusted ownership that makes this a very, very nice zero-day protection from malware and ransomware and other types of viruses. And again, the perfect opportunity when you build a new image and a new system that users aren't working with, you haven't really put a whole bunch of junk on the image yet, you can kind of control and test in a more appropriate manner. You can really put a whitelisting product on this new environment and be able to thoroughly test and deploy that out in a very controlled fashion. So, perfect opportunity for that feature, as well.
Jon: Yeah, absolutely. And, you know, apart from keeping the user activity under control and being able to restrict what they can do, it also gives you protection against malware and ransomware, and other, you know, intrusion attempts because you simply can't run things that, processes that aren't allowed.
All right, so that's a lot about our approach to Windows 10 migration and some of the...you know, how we use our own technology for that. Let's just talk in more general terms about some of the challenges and things you run into with Windows 10 migrations regularly. You already mentioned the things like the Start Menu and file type associations. Can you get into a bit more detail about some of those, and I'm gonna start with a reminder of what the Start Menu looked like at some point in Windows 10. Randy, why don't you talk about a little bit, please?
Randy: Absolutely. So yeah, the Start Menu has been one of the most problematic areas of a lot of my engagements. And part of that is because it's changed with each release. Microsoft has done something a little bit differently with the Start Menu with each release they've had come out. So we're constantly dealing with, you know, what's the best way to customize the Start Menu? What's the best way to personalize the Start Menu for users? How do you control some of the apps that show up there? How do you make that those settings stay the same, stay consistent from one machine to the next?
It's definitely...whether you're using our products or not, it's a very big challenge. And, you know, there's a number of ways that we can address this. We have been, you know, working with Microsoft to make sure that we understand how the Start Menu is architected. We have been able to properly run the Start Menu and properly configure the Start Menu using some policies within our Environment Manager, policy settings, or doing, collecting personalization on the personalization side.
But there's definitely been some challenges. The very first release that came out, Microsoft actually had some bugs that prevented us from properly roaming the Start Menu. Basically, the database files wouldn't close properly or log off, so we couldn't collect those settings. Then they changed the architecture a couple of times, added settings to a few more places in the registry, in the file system that we had to begin collecting those, as well. So it has been a constant challenge, so it's definitely something that, you know, as you're doing your migrations to really thoroughly test and understand how you want to deploy and collect Start Menu settings.
Jon: Yeah, and our goal is, as far as possible, to hide the complexity of that from the administrator. As you say, it's a continual battle. Hey, Chris, what about file type associations? What's been your experience there?
Chris: So, file type associations are the number one roadblock we're kind of run into with Windows 10 migrations. Well, whether it be migrations or just roaming in Windows 10 in general. So, pre-Windows 10, Microsoft made it very simple for application developers as you installed the app, you know it said would say, do you want to, you know, set this as your default for all PDF files for example, with Adobe or something of that nature?
With Windows 10, people may have noticed now, especially with the later builds, if you say yes, you want it to be your default, they're not able to just set that, it actually launches a Microsoft process, and you then have to do an extra step to set that association through the operating system itself. And they have secured down all of those locations where all the associations are set. So you actually can't even copy those from machine to machine at the user level, even Microsoft tools, you know, using roaming profiles, using things of that nature aren't able to run those either.
We're getting a little closer on that front to where we can set associations for people, but roaming them is still a little problematic. They have developed a way, though, that you can do it for a machine, not for a user. So in the case of Windows 10 migrations, if you're keeping the same hardware or even if you're moving to different hardware, but it's still a one user to one machine type of scenario, we can actually do an export of all of the associations that we have for that user, store it, either on that machine or on a file share. And then when that machine comes up the first time on Windows 10, you can set all of the associations as a default for that machine, so any user that logs into the machine would get those defaults. But at least the user would be able to get that.
Unfortunately, where that does, kinda still be more problematic is in the virtual world. So if you're in like non-persist VDI type of environment where you have no idea what machine those users are gonna get to, there's unfortunately not a way today to roam the file type associations. You just have to make sure that you set that expectation upfront with your users, just let them know what you can and cannot do so that, you know, they know what to expect when you get there.
Jon: Absolutely, yeah. Okay, someone else... I haven't got a graphic for this one. So, we'll mention conflicting security software. That apparently is a real challenge, as well. Do you have any comments on that one?
Chris: So that one is more just ensuring that as you're doing your migrations, whether, you know, Ivanti is involved is not, I mean, regardless of what you're putting in place for your Windows 10 migrations, a lot of things that people overlook is, you know, various pieces of security software you have on the machines, you know, anti-virus, encryption, maybe multiple types of anti-virus, anti-malware, etc. It's just making sure that you go through each of those and ensure that all of your exclusions are in place. Because I found more and more lately that, you know, people are skipping that step and then they start running into, you know, performance concerns, and I've even seen them go as far as take down a Windows 10 machine by not ensuring that all of the proper exclusions for your security pieces are in place.
Randy: Yeah. And I would like to really, really agree with that. The last several customers that I worked with are doing these types of deployments have just had so many challenges, because you're dealing with anti-virus, intrusion prevention, data loss prevention, whitelisting applications. All these different things that they're trying to put on these images, and they all conflict with each other. I've had several customers that, you know, deal with challenges of logons and boot-ups that are taking not minutes, but sometimes hours. It's really crazy.
So, definitely work with your vendors, make sure whether it's our products or other products, work with your vendors, make sure that these exclusions are in place, that these are all excluding each other. Otherwise, you're gonna run into some real problems when you're doing your deployments on Windows 10.
Jon: Yeah, actually one of their number one support tickets for these things. I just hear that so often. Okay, let's talk about universal apps, and what those are, and how you've been coping with those. I think, Randy, you're due to talk on this one first.
Randy: Absolutely. So, specifically we're talking about file type associations, you know, that's another place where this has been a little difficult. Microsoft has selectively blocked a lot of the default application behavior that you can't really set some of those things. So that's one challenge with those. But, you know, the other challenge we've run into is, again, with roaming some of those settings. Microsoft is taking the approach of putting a lot of settings into database files now, especially for these universal apps. Some of those database files can't be roamed properly, and a lot of the settings are even obscured from our tools. So it is difficult to do a lot of those settings.
We do have the ability to do roam settings for Microsoft Edge. We've also got the ability to roam setting for sticky notes. We even have a method for migrating sticky notes from the old version to the new version. So there are a few that we're definitely able to work with, but that's definitely a challenge to keep in mind.
Jon: Yeah, a little more fun. So, those are some of the specifics. Let's just talk just more generally, what advice would you give overall to an organization planning a Windows 10 migration, given that you've seen probably the best and worst of how these things can go over the last two or three years?
Chris: Yeah, so I would have to say, the number one piece of advice I could give anybody when it comes to a Windows 10 migration is letting your users know ahead of time what to expect. Because their experience is going to change, the Start Menus are completely different than anything we've had before. The way settings work, the way...and not even just talking that roaming, I'm just ... Literally, where settings inside the operating system are located, things like that, are very, very different.
So, your number one thing is just make sure you keep your users informed, "This is what you can expect, this is what it's gonna look like. Here's what we can do." And in the case of, like, some of the stuff we talked about earlier, there's things that are outside of your control you can't do because of Microsoft-imposed limitations today. So let them know what those are.
The most successful implementations I've had with people are the ones that are very transparent with their end users, and they let them know way ahead of time exactly what to expect. On the flip side, I've been in some where people say, "Well, it's just another operating system upgrade, you know, we're just gonna go through it and do it." And what they get, they get. And those, your user acceptance just plummets, people do nothing, but, you know, complain about the new setup and lost productivity, and things of that nature. As long as you let them know what's going on, every migration I've been a part of that has followed that type of scenario have all been successful.
Jon: Yeah, that's the situation we're trying to avoid in something like this. Randy, do you agree with this?
Randy: Yeah, yeah. I completely agree with this. I mean, it's really project management 101, but it's something we all forget about. Especially on the IT side, you know, we kind of bury our heads sometimes in the data center and say, "Oh, you know, we're doing this great thing," and we forget what the experience is like for the user. And when the user sees one thing pop up in front of them, they see an error message they don't know what to do with or don't know what it means, that's a helpdesk ticket.
And when you're doing something like a Windows 10 migration, they're gonna see a different screen, a different Start Menu, they're going to see different error messages, different windows, different everything. You know, a lot of those can generate, you know, helpdesk tickets. If you start generating a lot of those helpdesk tickets, your project is gonna fail, your users are gonna be unhappy, your manager is gonna be unhappy. So, manage your user expectations, really get out there in front of your project and say, "Hey, here's what the new environment is gonna look like. This is what you're gonna see. If you see this kind of thing, this is what it means, and this is what you do."
Educate your support team, your helpdesk team, those people that are answering the calls, "Hey, you're gonna probably get some calls about this. If this happens, this is how you're gonna handle this." Make that transition as smooth as possible, manage your user expectations. And one other thing also, I wanted to back up for a second, I forgot to mention on the universal apps, in the VDI world, in the non-persistent world, when you've got machines that you are continually logging onto, you know, in a fresh manner, where there's no local profile present on that machine, universal apps basically go through a setup process. So that first time you log in, that set of process has to be done. That is not something we're currently able to personalize.
So as you roam from machine to machine or from different VDI to different VDI, these universal apps are gonna go through that setup process every time you log on. So the only way that you can really prevent that from happening is to remove as many universal apps from the image as possible. Microsoft has some partial scripts you can run. There's...you can basically remove all of them that you don't need and just leave the ones you do want. There is a method that you can remove all of them, but very few customers use that because there's almost always something like Edge, or calculator, or some of those that you're gonna want to leave on the machine. But that's definitely something you wanna keep in mind. If you leave all the default ones on there, you're just gonna increase your logon time significantly.
Jon: Yeah, that's a great point, thanks for bringing that up. Definitely a roadmap item for the future. Whoa. Bless you. Well, thanks, guys, for your input on that. Just to wrap up, I also just want to talk about kind of a new approach to Windows 10 migration. So what we've just been talking about there was using the full version of Environment Manager and File Director to do a kind of continuous roam, so that you can you know minimize downtime and even roam users between multiple environments. It's a very powerful solution.
This year, we also brought out a kind of a simpler version, which is used more for one-time, one-off migration projects. So this is a kind of illustration of kind of the five-step process you would go through in a kind of cutdown version. First of all, in some of the concepts, you wanna go and capture profile and file data. You then need to deploy the operating system, the drivers, the applications and then redeploy the profile and the files you captured earlier.
But the way we do it is a little differently, we have a new cutdown version of Environment Manager called EM Policy, Environment Manager Policy. And we have some scripting and things that will let you do a capture of that profile and file data, and then a replay of that after Endpoint Manager has pushed out the OS and the drivers and the applications.
We'll get into more detail of that in a second. But whereas the full version Environment Manager and File Director are continuously syncing and storing things either in a database or in on-prem storage, this is about pushing things into a file share and they have a temporary way. It's also, you have complete end-to-end [inaudible 00:35:24] through Xtraction, which is our reporting product. So, I'll show you some screenshots of that in a second.
So just...yeah, in comparison to the previous version, I've got some more diagrams in a second. This is like a non-continuous migration scenario. It's a simpler product setup, but its lower cost, a bit more manual. You can still automate a lot of the process, but you're gonna be more hands-on with it compared to the continuous, kind of sync version we had before.
It's delivered as a free kit for those products. So if you own one or more of those, Endpoint Manager, Environment Manager, or Xtraction, you can use the kit. It's basically a set of templates and some scripting and some dashboard for Xtraction. And it doesn't use any SQL databases, it uses a file share to actually store the user's profile and file data temporarily.
So let me show you what this actually looks like. On the left is the Xtraction dashboard, and the kind of flow goes from kind of left, top-left, to bottom right. So you start with discovering devices, finding what versions they're on, prepare them by doing that initial capture of the profile and file data. And then you begin the migration using Endpoint Manager, you investigate anything that went wrong, and then you count the number of remaining non-Windows 10 devices and so on.
And you also get a breakdown of the build versions of Windows 10 in your environment. And this dashboard takes data both from Environment Manager, which is the top-right screen-shot, and there are the templates which you're gonna edit for yourself, and also from Endpoint Manager which is the product bottom-right, which actually does the LS deployment and so on, and it kicks off the whole process. To put it together for customers who are familiar with those products and who wanted a kind of a lighter option compared to the kind of the Cadillac or Rolls-Royce solution that we were dealing with earlier.
In comparison, let's go back to my chart. So you may remember this kind of simple diagram I had of kind of the before and after in the Windows world. So, whereas from synchronizing the user settings before, we were using a continuous sync method of Environment Manager synchronizing to a database. In the kind of lower-cost version, we now use Environment Manager Policy, which is doing file copies basically to a file share. This is capturing registry settings and file settings using some templates that come as part of the kit and going into a file share. And it's designed for a one-way migration, so going between Windows 10 versions and Windows 7 versions, it won't work so well in the virtual environment, doesn't work so well if you're looking to move users between different, you know, kiosks or hot desks. But in a simple one-way migration process, this is a lightweight approach.
Hannah: So Jon, your previous slide mentioned that if you had one of the products, you could get the accelerator kit. So, we've had a question asking, "If you don't own one of those products, is it available to purchase?"
Jon: We can't buy the kit, the kit is just a set of configurations. You need to either buy Environmental Manager, or Endpoint Manager or both. Xtractions are free add-ons to both of those, you need to own one of them. The kit itself, you can download from the marketplace, I'll show you the link in a second, and you can have that any time you like, but...and explore that.
Hannah: And you don't have to buy the full Environment Manager, you can buy the Environment Manager Policy.
Jon: Exactly, you need the Policy version. I'll show you the link in second, so you can get that without needing to own the products. But then I mentioned the user file data, whereas before we were synchronizing it with File Director either to, either your back-end file is all to OneDrive. Again, we're just doing some simple file copies to a file share temporarily, then back on to the new desktop using the Policy version. So, a much simpler approach, but for a one-off refresh, it might work out for you at a lower price point.
And I just saw that question. Yes, Xtraction is a free add-on to any Ivanti product. So, for dashboarding and reporting, if you own an Ivanti product, you can connect it to any product. You only pay for Xtraction if you want to connect it to third party products, and they're SCCM or Active Directory, or anything else, SAP to your product.
And where do we get the Migration Accelerator from? It's there on the Ivanti marketplace. So, I'll show you another screenshot in a second. It's got three areas, and adds some documentation, you get the config for Environment Manager, Endpoint Manager, and you get the connectors for Xtraction. And you can...it's nicely broken down and organized, so you can see exactly which parts of the Windows 10 desktop we're gonna capture. And you can obviously edit, so manipulate it yourself if you want to.
That's the marketplace, you just go to marketplace.ivanticloud.com, and there it is. And you can search through that and you'll find the Windows 10 Accelerator is one of many items available through that, and we're continually expanding and improving the marketplace. So it's a source of configurations and add-ons for all of our products.
So with that, are there any questions we've not tackled or...? Now would be a great time to put them into the chat window. And we'll give at least a few minutes here to answer those.
Oliver: There was a question about professional services, did we ever get that answered in chat?
Jon: Yeah, we answered that one directly. I think the question was, "Are pro services required with these solutions?" No, we have customers who do it themselves. Do we recommend that? I mean, either work with a partner who often have their own skills and can bring consultancy if needed. Or, we go for our own services, often we work with partners and integrators to deliver those. But then we have customers who never call on our pro services, it's not required. That's one of the questions flash up, then It came direct to me.
Oh, yeah. "We're using Endpoint Manager, can we use this for sites having Environment Manager?" You can. You have Endpoint Manager, you can use them entirely. You won't get any of the benefits of the Migration Accelerator or the synchronization, so you'll have to use something else for moving profile and file data. You know, as we mentioned earlier, there are things built into Windows like roaming profiles and Folder Redirection. You'll find they don't work very reliably at scale, and they certainly don't work well when you have remote users. But, you absolutely can use the parts of the Windows 10 Kit without Environment Manager.
We're about to launch...we actually already have released with the 2018.1 release of Endpoint Manager, you'll see that we've actually integrated Environment Manager directly into the console, and you can unify the deployment of the agents and the configuration. So it's actually become a whole lot easier. Think of it as Endpoint Manager Plus, which is now available.
Another question here, "Is there content on Ivanti Community for the Accelerator?" No, we [inaudible 00:42:54] share configurations and add-ons and connectors. That will go to the marketplace now. A community is more for asking questions and asking for advice and discussing things. But any kind of any sizable downloads, anything that's more than a few K in size is gonna go on the marketplace. And the reason for doing that is ultimately, we want to build integration into the product so they can connect directly to the marketplace. So from inside the Environment Manager console, for example, you'll be able to see a list of what templates are available in the marketplace and download them without needing to go to the website.
More questions flying in now. "Is there a pre-built EM policy available for migration?" Yeah, that's exactly what the Windows 10 Migration Accelerator Kit is. That's what this thing is. It's basically an Environment Manager and Endpoint Manager pre-built template. So this screenshot here, those little blue nodes is a EM policy that's kind of pre-built, that you can adjust if you want to, but out of the box, it'll do a pretty decent job.
Hannah: A couple of more questions there.
Jon: Okay, "Do you guys have anything like, most of our computers are in Windows 10 1507, I think, we want to move to 1803?" Yeah, I don't mean... While the first version of Windows 10 1507 is technically now out of support by Microsoft, I still think we'll be able to capture the profile and file data off it. We haven't intentionally broken the thing. Some of the newer features won't work. I mean, the Windows 10 Start Menu has changed so dramatically from that period, I don't know if we'll be able to capture Start Menu settings. But we'll certainly be able to catch other parts of the profile. So that's one.
There is the matrix. There's a knowledge base article somewhere which lists exactly which features will work with which Windows 10 version because Microsoft has added APIs and new things for us to work with. But we will certainly be able to help you with a large part of that migration.
Hannah: One more question for you. "How can you detect software to automatically redeploy using RSD and provisioning as it includes standard software for Jane, but she had Acrobat Pro, so I want it reinstalled during reimage?"
Jon: So you want to discover the application? [Inaudible 00:45:20] RSD, but I don't understand that.
Hannah: So I'm gonna repeat the question, though. "How can you detect software to automatically redeploy using RSD and provisioning..."
Hannah: "...as it includes standard software for Jane, but she had Acrobat Pro, so I want it reinstalled during the reimage?"
Jon: Right. So, I think the question is, how do you detect which applications a user has today? Randy and Chris, be on standby for this one, because I wanna hear your views on this one, too. Yeah, I got it, yeah. The question is, how do we detect applications? And then when we push out Windows 10, make sure that they have the same set of applications installed when they get there. I'm gonna ask Randy, why don't you go first if you're not muted?
Randy: Well, I think that's really gonna be more of an Endpoint Manager question, and I'm gonna defer to Chris, he's got a little bit more experience with that than I do. But, I would say there would be a way to utilize that tool to kind of do some inventory on what exists where, and then redeploy accordingly. But I don't know, Chris, do you have any suggestions on that one?
Chris: Yeah, so that one is definitely part of Endpoint Manager versus, you know, the UWM Suite that we've been talking about during this webinar. But yes, there is application mapping with provisioning, so you can map exactly what the user or machine had prior and lay down the exact same items on the new machine.
Jon: Yeah. I will say that if you're in a scenario where you literally inherited a bunch of desktops covered in applications, and you're not exactly sure how they got there or who installed them or what system was used, you got a bigger challenge. You start with that baseline thing that Chris and Randy talked about earlier where you gotta go and find out what's in use, first of all. And, you know, and once you've figured out which applications are important, you then gotta go and find the installers for those, so that you can push those out as part of the Windows 10 deployment. And now I've run into the occasional customer who has that scenario where they've just taken over from a completely failed regime. And, you know, it's a Wild West in terms of what applications are out there and how they got there.
Hopefully, if we were using an Endpoint Manager, an SCCM or [inaudible 00:47:31], or whatever other solution there is, you can then target app delivery through the same method of Windows 10. Are we done for questions? Anything else?
Hannah: [Inaudible 00:47:47].
Oliver: I think two more of them in there, actually. So...
Hannah: Yeah. "Is there a pre-built template for the Start Menu, and where can I download it from?"
Jon: Yes, it's built into Environment Manager. The Windows 10 Start Menu template is actually a part of the Environment Manager, personalization templates, and it's right in there. And we update it in every release. And so Microsoft continues to change it.
Hannah: And what [crosstalk 00:48:12]...
Chris: Yeah, the big reason that one has to be kind of built-in versus templated like a lot of our other applications, is there's a bunch of extra actual calls to Windows APIs and such that we have to use in order to do that Start Menu, whereas most applications, you're just dragging files and registry keys. So that one is a little more unique, which is why it's built directly into it.
Jon: So, Hannah...
Hannah: I'm so sorry. Yeah, and lastly here, "What tools do you have to deploy in-place Windows 10 upgrade to be pushed out over multiple sites, no profile migration needed?"
Jon: Well, we're gonna trust the in-place upgrader. I mean, Chris, is that in Endpoint Manager, does it kick off in-place upgrades?
Chris: Yes. That would be Endpoint Manager that does that.
Chris: One thing you wanna keep in mind with those, where they say, "No profile migration needed." So a lot of times people assume that, "Okay, well, I'm gonna move from Windows 7 to Windows 10, or Windows 8 to Windows 10 or whatever on the same machine with an in-place upgrade, I'm not gonna wipe and replace, that everything is going to be there." I've actually found that in a lot of cases that's not true.
So, a prime example that I've been working with with my current client are printers. As soon as you upgrade, you know, Windows 8 to Windows 10 in their case, yeah, a lot of their application settings are still there because they're still on the registry, but things like printers and all of that, even though the drivers are there, Microsoft does not bring those over as part of the upgrade. So we're laying those back down.
Jon: Yeah, I talked to a customer last week at our Interchange event, he said of the 20 laptops that they relied on for an in-place upgrade, 19 of them had failed. And I'm not quite sure what it is that's so unique in their environment, but, you know... On the consumer side of things, obviously, in-place upgrades, and it's been so-so, reasonably reliable. But in an enterprise environment, I've heard very different results, so...there is that.
Hannah: The very last one, just to repeat, to reiterate, there's one question about purchasing EM Policy for the kit to work, and that's correct [inaudible 00:50:18]
Jon: You do. To use the whole kit, when you can, use the Endpoint Manager bits only. By the way, the upgrade... So, I mentioned that we've integrated EM policy into Endpoint Manager. There's a new bundle for that, and the upgrade price is very reasonable, under $20 a user, much less. So, you gotta talk to your sales rep if that's something of interest. You don't need to pay the full price of for EM policy, you can purchase it as a add-on to Endpoint Manager in this...you get a massive discount as a existing customer. Oh, we got one more.
"Once the image is complete, is there a way to upgrade the image by injecting the latest Windows feature updates without recapturing the whole image?" Oh, Chris, this is one for you. "Will it need to be done with a separate template or script, trying to avoid reimaging every time there are changes in the OS, but running into all kinds of issues with Win 10 enterprise versions?"
I don't know on that one. Chris, do you know the answer to that one?
Chris: That one, again, boils down to a more Endpoint Manager guy question. I believe, yes, we can do that, but I don't have a lot of detail on it. Endpoint Manager, unfortunately, is not one of my areas of expertise.
Jon: Okay. You know, I may have to get back to you on that one. I don't know if you can update the image without recapturing. Yeah, no, I don't know for that one.
Jon: Yeah, we'll find it and we'll get back to you. You gotta put in some contact in each answer.
Jon: Perfect, okay. All right, thanks for your time, everybody, we'll end there. I hope that was helpful. Always happy to follow up before any of the presenters will be available, or to reach out to your usual reseller partners, integrators, account reps, sales engineers, and we'll help in any way we can. Thanks a lot. Bye-bye for now.