So, Home windows 10 22H2 is lastly out. And it consists of…nicely…um…simply what precisely?
First, keep in mind that this fall brings two 22H2 releases: One for Home windows 11, one for Home windows 10. Whereas Home windows 11 22H2 has loads of modifications (similar to File Tab explorer, which simply rolled out), Home windows 10 22H2 is, within the phrases of Microsoft, a way more “scoped” launch “targeted on high quality enhancements to the general Home windows expertise in present characteristic areas similar to high quality, productiveness, and safety.”
I went seeking what’s included within the newest characteristic launch for Home windows 10, beginning with a glance into modifications similar to group coverage.
There are solely a handful of latest group insurance policies in Home windows 10 22H2, starting from changes within the browser to protections for printing and distant desktop periods to native administrator lockout settings.
Listed here are the main points:
- admx — Disable HTML Software Machine Home windows ComponentsInternet Explorer
This setting specifies whether or not working the HTML Software (HTA file) is blocked or allowed. Should you allow this coverage, working the HTML Software (HTA file) might be blocked. Should you disable or don’t configure it, working the HTML Software (HTA file) is allowed.
- admx — Disable HTML Software Person Home windows ComponentsInternet Explorer
This setting specifies whether or not working the HTML Software (HTA file) is blocked or allowed. Should you allow this coverage, working the HTML Software (HTA file) might be blocked. Should you disable or don’t configure it, working the HTML Software (HTA file) is allowed.
- admx — Configure Redirection Guard Machine Printers
This determines whether or not Redirection Guard is enabled for the print spooler. You’ll be able to allow this setting to configure the Redirection Guard coverage so it’s utilized to spooler. Should you disable or don’t configure it, Redirection Guard will default to being enabled. Should you allow this setting you’ll be able to choose the next choices: 1. Enabled: Redirection Guard will forestall any file redirections from being adopted; 2. Disabled: Redirection Guard is not going to be enabled and file redirections could also be used inside the spooler course of; 3. Audit: Redirection Guard will log occasions as if it have been enabled, however is not going to truly forestall file redirections from getting used inside the spooler.
- admx — Don’t permit WebAuthn redirection Machine Home windows componentsRemote Desktop ServicesRemote Desktop Session HostDevice and Useful resource Redirection
This coverage permits you to management the redirection of internet authentication (WebAuthn) requests from a Distant Desktop session to the native system. This redirection permits customers to authenticate to sources contained in the Distant Desktop session utilizing their native authenticator (e.g., Home windows Hey for Enterprise, safety key, or different). By default, Distant Desktop permits redirection of WebAuthn requests. Should you allow this coverage setting, customers cannot use their native authenticator contained in the Distant Desktop session. Should you disable or don’t configure this coverage setting, customers can use native authenticators contained in the Distant Desktop session.
- admx — Management whether or not or not exclusions are seen to Native Admins. Machine Home windows ComponentsMicrosoft Defender Antivirus
This setting controls whether or not exclusions are seen to Native Admins. For finish customers (who are usually not Native Admins) exclusions are usually not seen, whether or not or not this setting is enabled. Disabled (Default): Should you disable or don’t configure this setting, Native Admins will be capable to see exclusions within the Home windows Safety App or by way of PowerShell. Enabled: Should you allow this setting, Native Admins will now not be capable to see the exclusion checklist in Home windows Safety App or by way of PowerShell.
Notice: Making use of this setting is not going to take away exclusions, it can solely forestall them from being seen to Native Admins. That is mirrored in Get-MpPreference.
Even the brand new advisable settings for Home windows 10 22H2 Safety baseline are usually not distinctive to Home windows 10 22H2. One of many advisable settings consists of modifications to the administrator account. As famous within the baseline, “a brand new coverage Permit Administrator account lockout, positioned beneath Safety SettingsAccount PoliciesAccount Lockout Coverage is added to mitigate brute-force authentication assaults.” Notice: any model of Home windows that has the October safety updates put in could have this modification. (Microsoft has even added this setting to Home windows releases going again to Home windows 7 via their prolonged safety launch program.)
The principle factor the 22H2 launch brings is an extension to the life cycle for Home windows 10. Home windows 10 22H2 Residence and Professional editions will obtain 18 months of servicing, whereas Enterprise and Schooling editions will get 30 months.
Presently 22H2 is accessible for Home windows 10 seekers, those who go to Home windows replace and click on on “verify for updates.” Should you’re on Home windows 10 20H2 or newer, will probably be a quick replace. However in case you’re working an earlier model of Home windows 10, it can take longer — if that’s the case, right here’s what I like to recommend.
First, verify to see whether or not your video card drivers and firmware are updated. Whether or not you utilize Home windows 10 or 11, these releases go smoother with up to date drivers and software program. Subsequent, use the Home windows 10 ISO obtain web page to leapfrog your approach to 22H2 as soon as it’s deemed totally supported for all computer systems. Examine the “Replace now” hyperlink for what you want.
If you wish to management when the 22H2 launch will get put in in your system, there are a number of instruments to assist. You should use InControl from GRC to pick the precise characteristic launch you need. Alternatively, you should use the registry keys I’ve posted right here to pick the precise model of Home windows 10 to put in.
Should you’ve deployed these registry keys, remember that the IT settings for Home windows Software program Replace Providers and Intune will override your deferrals. Conversely, in case you because the IT admin don’t select to approve Home windows 10 22H2 enablement package deal in your patching device, your techniques gained’t be provided the replace.
Backside line: Home windows 10 22H2 has few modifications and ought to be a minor characteristic improve that causes few points. I’ll most likely be approving it for launch sooner fairly than later.