Windows 10 Enterprise LTSC 2019/2021

Discussion in 'Windows OS and Software' started by Spartan@HIDevolution, Jun 7, 2020.

  1. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Reputations:
    41,655
    Messages:
    29,544
    Likes Received:
    58,538
    Trophy Points:
    931
    June 15, 2021-KB5003703 (OS Build 17763.2028) Preview

    Highlights

    • Updates an issue that prevents certain screen reader apps from running.
    • Updates an issue that might cause a VPN to fail.
    Improvements and fixes
    This non-security update includes quality improvements. Key changes include:

    • Addresses an issue that prevents sorting from working properly when using multiple versions of National Language Support (NLS) sorting.
    • Addresses a performance issue in the MultiByteToWideChar() function that occurs when it is used in a non-English locale.
    • Addresses an issue that fails to properly manage touch input related memory before a user session ends.
    • Addresses an issue that causes Windows to stop working when it uses AppLocker to validate a file that has multiple signatures. The error is 0x3B.
    • Addresses an issue that might cause BitLocker to go into recovery mode after updating the Trusted Platform Module (TPM) firmware. This occurs when the "Interactive logon: Machine account lockout Threshold" policy is set and there were incorrect password attempts.
    • Addresses an issue that prevents certain screen reader apps from running when Hypervisor-protected code integrity (HVCI) is enabled.
    • Addresses an issue that causes Windows to generate many AppLocker or SmartLocker success events.
    • Improves the accuracy and efficiency of sensitive data analysis in the Microsoft 365 Endpoint data loss prevention (DLP) Classification Engine.
    • Addresses an access violation issue in HTTP.sys that causes a stop error. This issue only occurs when you enable HTTP tracing or logging.
    • Addresses an issue with the Internet Key Exchange (IKE) VPN service on remote access server (RAS) servers. Periodically, users cannot connect a VPN to the server over the IKE protocol. This issue might start several hours or days after restarting the server or restarting the IKEEXT service. Some users can connect while many others cannot connect because the service is in DoS Protection mode, which limits incoming connection attempts.
    • Addresses an issue that might cause a VPN to fail after renewing a user auto-enrolled certificate. The error message is "There are no more files".
    • Addresses a metadata encoding issue that causes Free Lossless Audio Codec (FLAC) music files to become unplayable if you change their title, artist, or other metadata. For more information, see FLAC encoded music file is corrupted when metadata is edited in Windows Explorer.
    • Addresses an issue that causes Remote Desktop sessions to stop responding while the User Datagram Protocol (UDP) is enabled.
    • Addresses an issue with an infinite loop in svchost.exe (TermService) that might cause high CPU usage.
    • Addresses an issue in Adamsync.exe that affects the syncing of large Active Directory subtrees.
    • Addresses an issue that might cause endless replication when you promote a new domain controller and the Active Directory Recycle Bin feature is enabled.
    • Addresses an error that occurs when the Lightweight Directory Access Protocol (LDAP) bind cache is full, and the LDAP client library receives a referral.
    • Addresses an issue that might cause a stop error when you run SmbConnectStress for a prolonged duration.
    • Addresses a redirector stop error that is caused by a race condition that occurs when the system deletes binding objects when connections close.
    • Addresses an issue that might damage the file system of some devices and prevent them from starting up after running chkdsk /f.
    • Addresses an issue that causes the images and text that first appear when you open a RemoteApp to remain on the screen indefinitely.
    If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.

    CU (Cumulative Update) dowload link - 17763.2028

    June 15, 2021-KB5003857 Cumulative Update Preview for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809 and Windows Server, version 2019

    NDP35-48
    http://download.windowsupdate.com/d..._cd3b6f374205c026b1da2660db47e7975f97453e.msu

    NDP35-472
    http://download.windowsupdate.com/c..._0382d8bcbd26cd762def4366842dbc3183694758.msu
     
  2. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Reputations:
    41,655
    Messages:
    29,544
    Likes Received:
    58,538
    Trophy Points:
    931
    July 6, 2021-KB5004947 (OS Build 17763.2029) Out-of-band

    Highlights

    • Updates a remote code execution exploit in the Windows Print Spooler service, known as “PrintNightmare”, as documented in CVE-2021-34527.
    Improvements and fixes
    This security update includes quality improvements. Key changes include:

    • Addresses a remote code execution exploit in the Windows Print Spooler service, known as “PrintNightmare”, as documented in CVE-2021-34527. After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system’s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the RestrictDriverInstallationToAdministrators registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see KB5005010.

    If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.



    CU (Cumulative Update) dowload link - KB5004947
     
    6730b and Vasudev like this.
  3. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Reputations:
    41,655
    Messages:
    29,544
    Likes Received:
    58,538
    Trophy Points:
    931
    Half-baked as usual from Redmond HQ. Why bother push out OOB patches if they are almost worthless?

    Microsoft’s Out-of-Band fix for PrintNightmare already by-passed by hackers mspowerurse.com

    Yesterday Microsoft released an out-of-band patch for the PrintNightmare Zero-day exploit that grants attackers full Remote Code Execution capabilities on fully patched Windows Print Spooler devices.

    Currently, security researchers advise that admins keep Print Spooler service disabled until all the issues are fixed.
     
    6730b likes this.
  4. epguy3

    epguy3 Notebook Evangelist

    Reputations:
    332
    Messages:
    461
    Likes Received:
    369
    Trophy Points:
    76
  5. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Reputations:
    41,655
    Messages:
    29,544
    Likes Received:
    58,538
    Trophy Points:
    931
    July 13, 2021—KB5004244 (OS Build 17763.2061)

    Highlights
    • Updates to improve security when Windows performs basic operations.

    • Updates for verifying usernames and passwords.
    Improvements and fixes
    This security update includes quality improvements. Key changes include:

    • Removes support for the PerformTicketSignature setting and permanently enables Enforcement mode for CVE-2020-17049. For more information and steps to enable full protection on domain controller servers, see Managing deployment of Kerberos S4U changes for CVE-2020-17049.
    • Adds Advanced Encryption Standard (AES) encryption protections for CVE-2021-33757. For more information, see KB5004605.
    • Addresses a vulnerability in which Primary Refresh Tokens are not strongly encrypted. This issue might allow the tokens to be reused until the token expires or is renewed. For more information about this issue, see CVE-2021-33779.
    • Security updates to Windows Apps, Windows Management, Windows Fundamentals, Windows Authentication, Windows User Account Control (UAC), Operating System Security, Windows Fundamentals, Windows Virtualization, Windows Linux, the Windows Kernel, the Microsoft Scripting Engine, the Windows HTML Platforms, the Windows MSHTML Platform, and Windows Graphics.
    If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.


    CU (Cumulative Update) dowload link - KB5004244


    July 13, 2021-KB5003541 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10, version 1809 and Windows Server, version 2019

    NDP35-472
    http://download.windowsupdate.com/d..._cd3b6f374205c026b1da2660db47e7975f97453e.msu

    July 13, 2021-KB5003538 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 1809 and Windows Server, version 2019

    NDP35-48
    http://download.windowsupdate.com/d..._cd3b6f374205c026b1da2660db47e7975f97453e.msu
     
  6. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Reputations:
    41,655
    Messages:
    29,544
    Likes Received:
    58,538
    Trophy Points:
    931
    Spartan@HIDevolution and Vasudev like this.
  7. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Reputations:
    41,655
    Messages:
    29,544
    Likes Received:
    58,538
    Trophy Points:
    931
    July 27, 2021—KB5005394 (OS Build 17763.2091) Out-of-band

    • Updates an issue that might prevent printers, scanners, and multifunction devices from working. This issue occurs on devices that do not comply with a certain specification and use smart card authentication.
    This non-security update includes quality improvements. Key changes include:

    • Addresses an issue with devices that do not comply with section 3.2.1 of the RFC 4556 specification. Noncompliant printers, scanners, and multifunction devices might not work when you use smart card authentication (PIV). This issue occurs after you install the July 13, 2021 update on domain controllers (DC) in your environment. For more information, see KB5005408.
    If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.

    CU (Cumulative Update) dowload link - KB5005394
     
  8. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Reputations:
    41,655
    Messages:
    29,544
    Likes Received:
    58,538
    Trophy Points:
    931
    August 10, 2021—KB5005030 (OS Build 17763.2114) + KB5005112 as SSU August 10, 2021

    Highlights
    • Updates the default installation privilege requirement so that you must be an administrator to install drivers when using Point and Print.
    Improvements and fixes
    This security update includes quality improvements. Key changes include:

    If you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.

    For more information about the resolved security vulnerabilities, please refer to the new Security Update Guide website.

    Remember the servicing stack update must be installed first.
    1) SSU (Servicing Stack Update) - KB5005112
    2) CU (Cumulative Update) 17763.2114 - KB5005030

    August 10, 2021-KB5004332 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 1809 and Windows Server, version 2019

    NDP35-48
    http://download.windowsupdate.com/d..._7d9404b45a7acdf861a74e1677281adc37e1097c.msu

    August 10, 2021-KB5004335 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10, version 1809 and Windows Server, version 2019

    NDP35-472
    http://download.windowsupdate.com/d..._7613753e77ad9cc37415a97b87f8ecb1babab07d.msu
     
  9. MarkNK

    MarkNK Newbie

    Reputations:
    0
    Messages:
    1
    Likes Received:
    4
    Trophy Points:
    6
    Hello all.

    Bare with me as it's just my 2nd day on Win10. I bited the bullet and switched from win7 to Windows 10 Enterprise LTSC 2019 (x64) thanks to this topic.

    Overall I'm happy with it, it's fast or even faster than Win7Sp1.

    Even though I'm on 11yr desktop (crazy GPU prices prevent me from upgrading), the full install took around 12min. Other tweaks took almost a day but I wanted it to look and feel almost like win7.

    [​IMG]

    For old PC like this (anyone runs on older?) I just had to create dvd iso (PowerISO did it no problem). Usb stick done with rufus just froze my bios as soon as I plugged it in (GIGABYTE GA-P55A-UD4, P55 mobo). Probably old bios not supporting usb boot (it had bios usb settings to make it work though), or maybe something wrong with pendrive.

    Anyway after clean install I treated it with:

    1) 2021-08 Servicing Stack Update for Windows 10 Version 1809 for x64-based Systems (KB5005112) (KB5005030 wouldn't even install without it),

    2) 2021-08 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5005030),

    3) ndp48-x86-x64-allos-enu (Framework 4.8),

    4) 2021-08 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1809 for x64 (KB5004332),

    5) O&O ShutUp10 - Everything off.

    6) WPD.app - just telemetry button for safety. Nothing else to not interfere with O&O ShutUp10. If I applied all (-without advanced) on previous install, I couldn't even load Settings>Update&Security panel, so something just broke it and I don't have time to check what.

    After this:

    1) went to Settings>Update&Security>Windows Update and tried to update - error - so tweaks from O&O ShutUp10 worked just fine. Watched net movement graph in Task Manager for couple of minutes, zero movement,

    2) checked Settings>Update&Security>Windows Security>App & browser control>scrolled all the way down>Exploit protection settings> turned all to "Off by default". Maybe shouldn't do that?

    3) did some registry tweaks, disabled services I don't need, like Xbox, smartcard, printers etc. Left network settings alone (disabled just Client for Microsoft Networks in Ethernet Properties). I'm not so sure to disable anything else. Some enable just TCP/IPv4 and TCP/IPv6 protocol.

    Screens minutes after boot:

    [​IMG] [​IMG]

    Booted up without network, processes go down 80+, so there is probably room to disable some network settings:

    [​IMG]

    Botted up with network, let it sit for around 20+ min, literally 0 network and cpu activity, so I think it's debloated properly:

    [​IMG]

    But maybe I missed something?


    Now to the meritum...


    I have just some quirks that are new to me on this system and I can't seem to fix/get rid off. I even reinstalled just to check if its same on clean system before any tweaks and updates, and its the same.

    A) Sometimes I get this permission windows, when I click continue it lets me do anything as admin, so what's the point. It just one extra click but it's annoying and intrusive. Nothing from webs helped disabling that.

    [​IMG]

    or

    [​IMG]

    B) Minor, but ome program icons on desktop get this UAC shield. They just open normally without any warning, so again, why UAC on icons..

    [​IMG]

    C) Might be hardcoded, but before I get to the desktop, I see sign in screen with my picture and name that just loads for around 2-3s before I get access full access. Why there is no way to disable this?

    The only thing I could do is regedit it to make it have same wallpaper as my desktop so the transition is smooth. Still it steals some time (msconfig no GUI boot didn't help).

    I'll just note all this happens with UAC disabled and I'm only one using this PC, so no passwords etc, I have all admin rights (I hope?).

    [​IMG]
    [​IMG]

    I would be happy with a fix just for A) as it really seems odd.

    Also thanks for all the knowledge here (and to google that directed me here hehe). Really happy with change. Wish the next LSTB version will be the same, then we will be safe for next long years.

    Mark
     
    6730b, Rokobo, Vasudev and 1 other person like this.
  10. amihail91

    amihail91 Notebook Evangelist

    Reputations:
    17
    Messages:
    434
    Likes Received:
    59
    Trophy Points:
    41
    ISO in the link says Build 17763.316 - I assume that is out of date re: all these posts above?
     
Loading...

Share This Page