I wholly agree with you. Security-wise, common sense trumps anything from a “newer” build. Is there any evidence to suggest that Win11 21H2 is more secure than a fully updated Win10 LTSC (21H2)? As far as I can tell, even BlackLotus would be fully mitigated if the media was updated before installation. There’s enough zero-day malware floating out there at any given time that would have the same effect on a new build of Windows 11 or an outdated Windows version, and it isn’t getting better anytime soon.
Uh.. I almost forgot that facts and measurement units are outdated concepts at your place I'm typing on Win8 Release Preview, right now. What *I* expect is not relevant. What people expect IS. It's just matter of intellectual honesty. If you tell to non expert / less expert people that "A" is the same thing as "B", while B has MANY major difference you're not doing a good thing. And my too, but what that has to do with what was discussed here? Pro is worse than LTSB/C, Period. And it's still worse even when you make what I call "GhettoLTSB". Cleaning and removing as much as you can, tweaking policies and so on the result has still disadvantages over the real thing. It's pretty simple, unless you like to debate just for fun.
I agree, which is why I use LTSC, but I never chose it for the 10 years of supposed support. I chose it because it doesn't have the store. I chose it because it doesn't auto-add store apps. I chose it because it doesn't automatically use web-searching in the taskbar. I don't even download updates anymore. It's one of the first things I disable after installing the OS. Unless I specifically need a newer .NET version for something, I really find that there isn't any point when you don't want the security updates. All it seems to do is bloat up your system and slow it down. As far as debate, you're the one who tagged me in. Either stop tagging me in or wait till I get bored of replying.
I think the main idea behind win11 was that your data would already be encrypted with bitlocker which was forced with TPM chips. That was the major concern at the time. Most of us know that the encrypted ransomware was only one of many types of malware out there. I feel like a lot of the security updates are a bit counter-productive. They release and give the hackers a good idea of what processes to exploit on un-patched systems. It's a bit of a catch-22. If they never released the updates until they found the malware in the wild, it would cut down on a lot of unnecessary bloat, but at the same time it would make the system less secure over time. I think Vista's update system is a bit outdated. I think they could have a system where they hold onto old updates for 3 or 6 months and then remove them. All of the patched updates get integrated into the newer code, so it's not like the update process is pointless. It just happens to annoy me, personally. It's pretty ironic given how I started.
Sometimes one quote a message not to debate with the person who posted it, but just as a starting point to extend/integrate the discussed matter. That said I share most of your personal preferences, but given we aren't discussing privately, I must take in account that other people read what I write, so I try to not be fundamentalist
I think turning on bitlocker by default is a terrible idea for home users. I have seen many cases of lost data due to drive failure. Asking the owner if they saved the key results in "deer in the headlights" looks. They don't have a clue.
A terrible idea that is already enforced on 99% of Android devices let alone the iPhones, be sure that this will be the case of Windows as well in less than 5 years.
I believe that the only updates now required to update the Windows 10 IoT Enterprise 2021 media (without NDP481) are as follows: Defender Update defender-dism-x64.cab LCU 07/11/2023 windows10.0-kb5028166-x64_fe3aa2fef685c0e76e1f5d34d529624294273f41.msu NDP35-48 07/11/2023 windows10.0-kb5028853-x64-ndp48_6d85da3883386e6e72037cca91eb745df82bbd86.msu DU for Sources 7/11/2023 windows10.0-kb5028311-x64_8750fa3c7e42f95fc70d36ee33526009a431dd24.cab Critical DU for .NET35 11/22/2021 windows10.0-kb5007401-x64_f1bf61d834bb8d9951c7efa23454643daae195b0.cab DU for SafeOS 6/13/2022 windows10.0-kb5027389-x64_8d1880d95f920fc8a4c2d96ca8d3b44f3e044581.cab If I am incorrect, please advise. I'm assuming that the NDP35-48 OOB updates are no longer necessary with the new cumulative update, but I'm fairly new to this - I've only recently been updating the media to save on build times.
you can check it's version with 7-zip and any text editior (I prefer Notepad++) download msu or cab, open it with 7-zip inside cab file you'll find text file update.mum with version number inside of it if OOB update's version is lower then it's outdated KB5028853 - 4645.5 OOB is 4645.1
Thank you. That makes a lot of sense. One thing does throw me off though. kb5029006 was released back on 29-Jun. It was actually version 4500. Do you have any idea why they'd release an OOB update when the 16-Jun NDP35-48 kb5027122 was version 4644? Doesn't that make it a useless update? Please pardon my ignorance in advance. I'm really tying to understand Microsoft's logic, but I'm probably missing something.
.NET 3.5 OOB updates are still needed (KB5029006 ~ KB5029009 / KB5028913) .NET 4.8 OOB updates are not needed (KB5028576 ~ KB5028582) components version is what matter, not update version
net48 and net481 OOB updates are usually have the same update version range and it's correlate with components versions yes, in case of net35 updates it's not enough to check update version for example: KB5029006 - amd64_netfx-sos_dll_b03f5f7f11d50a3a_10.0.19200.845_none_ea8becae565ffd46.manifest KB5028853 - amd64_netfx-sos_dll_b03f5f7f11d50a3a_10.0.19200.840_none_ea8c5e96565f7d21.manifest KB5028849 - amd64_netfx-sos_dll_b03f5f7f11d50a3a_10.0.19200.840_none_ea8c5e96565f7d21.manifest it's clear that net35 OOB update isn't included in the latest net48 and net481 CUs
Is there any script to generate ISO image WINDOWS 10 LTSC IOT and LTSC... Thanks Spoiler: Original post in Portuguese Existe algum script para gerar imagem ISO WINDOWS 10 LTSC IOT e LTSC... Obrigado
"You can try this beta stage tool, it's set to add the IoT Enterprise 2021 LTSC index to the existing indexes inside install.wim (settings can be edited inside the cmd txt):"