How would you stabilize/standardize/protect internet connected (non-negotiable) Windows 10 based computers (HMI, engineering workstations) that are connected to ICS network? We all know that Windows 10 wants to update very often, which sometimes disables/interferes with ICS/SCADA standard operation applications and services. Imagine there is no central AD, or some other central service to manage the machines, machines are used everyday but cannot be accessed by IT admins for management once put in place. Machines should be protected enough not to interfere with ICS/SCADA. Maybe some LTSC version with correct settings? Please advise At best there would be 2 solutions: 1. Windows 10 LTSC/LTSB without internet connection and "industrial configuration" with SCADA in mind 2. Windows 10 LTSC/LTSB with internet connection and "industrial configuration" with SCADA in mind Thank you!
Is to be debated also. That's why it's quoted In general, workstation should be set as a machine which does operational management and overview of SCADA, bulletproof, foolproof specific purpose machine instead of typical desktop computer. Something like workplace machine with gpo's but with more gpo's that help keep it stable (24/7) without IT helpdesk intervention. Something like a server but with clickable applications with gui.
Enterprise LTSC is really designed to applications like this. It's meant for industrial automation etc.
Sadly Windows is not suitable for such use. Unless you never ever connect to even local network, disable updates and connect whatever it needs to connect via USB only. And never change that setup Once you stick network cable to to, it is all over. That is why most appliances run some flavour of Linux