So Windows 10 22H2 is finally out. And that includes…well…um…just what exactly?
First, remember that there will be two releases of 22H2 this fall, one for Windows 11 and one for Windows 10. While there are many changes in Windows 11 22H2 (such as the newly released file tab explorer), Windows 10 22H2 is in Microsoft wordsa much more “volumetric” release, “focused on improving the overall Windows experience across existing features such as quality, performance, and security.”
I started looking at what’s included in the latest version of Windows 10 features, starting with an overview of changes like Group Policy.
There are only a few new Group Policies in Windows 10 22H2, ranging from browser settings to print protection and remote desktop sessions to local administrator lockout settings.
Here are the details:
- admx – Disable Windows ComponentsInternet Explorer HTML applications
This parameter determines whether the launch of the HTML application (HTA file) is allowed or blocked. If you enable this policy, the HTML application (HTA file) will be blocked from running. If you disable or do not configure it, the HTML application (HTA file) will be allowed to run.
- admx — Disable the Windows ComponentsInternet Explorer user HTML application
This parameter determines whether the launch of the HTML application (HTA file) is allowed or blocked. If you enable this policy, the HTML application (HTA file) will be blocked from running. If you disable or do not configure it, the HTML application (HTA file) will be allowed to run.
- admx — Configuring machine printers Redirection Guard
This determines whether Redirection Guard is enabled for the print spooler. You can enable this option to configure the Redirection Guard policy to apply to the spooler. If you disable or do not configure it, Redirection Guard will be enabled by default. If you enable this option, you can choose the following options: 1. Enabled: Redirection Guard will prevent file redirection; 2. Disabled: Redirection Guard will not be enabled and file redirection can be used by the spooler process; 3. Auditing: Redirection Guard will log events as if it were enabled, but will not actually prevent the spooler from using file redirection.
- admx – Disallow WebAuthn Redirection Windows Machine ComponentsRemote Desktop ServicesRemote Desktop Session HostDevice and Resource Redirection
This policy allows you to control the redirection of web authentication (WebAuthn) requests from a remote desktop session to a local device. This redirect allows users to authenticate to resources in a remote desktop session using a local authenticator (such as Windows Hello for Business, Security Key, or other). By default, Remote Desktop allows WebAuthn requests to be redirected. If you enable this policy setting, users will not be able to use their local authenticator in a Remote Desktop session. If you disable or do not configure this policy setting, users will be able to use local authentication in a Remote Desktop session.
- admx — Control whether exceptions are visible to local administrators. WindowsMicrosoft Defender Antivirus Machine Components
This setting controls whether exceptions are visible to local administrators. Exceptions are not visible to end users (who are not local administrators), regardless of whether this option is enabled. Disabled (default): If you disable or do not configure this option, local administrators will be able to see exceptions in Windows Security or through PowerShell. Enabled: If you enable this option, local administrators will no longer be able to see the list of exceptions in Windows Security or through PowerShell.
Note: Applying this setting will not remove the exceptions, it will only prevent them from being seen by local administrators. This is reflected in Get-MpPreference.
Even the new recommended options for Windows 10 Basic Security Level 22H2 are not unique to Windows 10 22H2. One of the recommended settings involves making changes to the administrator account. As noted in the baseline, “the new Allow Administrator Account Lockout policy located under Security SettingsAccount PoliciesAccount Lockout Policy is added to mitigate brute force authentication attacks.” Note: This change will apply to any version of Windows that has the October security updates installed. (Microsoft has even added this option to Windows releases going back to Windows 7 through its Enhanced Security Release Program.)
The main thing that the 22H2 edition brings is an extended lifecycle for Windows 10. Windows 10 22H2 Home and Pro editions will get 18 months of maintenance, and Enterprise and Education editions will get 30 months.
22H2 is currently available for those looking for Windows 10, those who go to Windows Update and click the “Check for Updates” button. If you have Windows 10 20H2 or later, this will be a quick update. But if you’re using an earlier version of Windows 10, it will take longer—if that’s the case, here’s what I recommend.
First, check if your video card drivers and firmware are up to date. Whether you’re running Windows 10 or 11, these releases run smoother with updated drivers and software. Next use Windows 10 ISO download page to jump your way to the 22H2 as soon as it is recognized as fully supported for all computers. Check the Update Now link to find what you need.
If you want to control when the 22H2 release will be installed on your system, there are several tools to help. You can use InControl from GRC to select the release of the desired feature. Alternatively, you can use the registry keys I have posted here to select the exact version of Windows 10 to install.
If you’ve deployed these registry keys, be aware that the IT settings for Windows Software Update Services and Intune will override your deferrals. Conversely, unless you, as an IT administrator, choose to approve the Windows 10 22H2 enablement package in your patch tool, your systems will not be prompted for the update.
Bottom line: Windows 10 22H2 has few changes and should be a minor feature update that causes few issues. I’ll probably approve it before release, most likely.
Copyright © 2022 IDG Communications, Inc.
https://www.computerworld.com/article/3677571/what-does-windows-10-22h2-bring-to-the-table-not-much.html#tk.rss_all