In this article Microsoft Windows IT Pro MVP, Rory Monaghan details his Windows 10 migration checklist. He details the steps you need to consider and the tools he recommends to help you complete a successful migration.
Before structuring a Windows 10 project, you must first define your minimal viable product. What does a successful end product look like? You need to keep some important factors in mind.
While a desktop migration project is a good time to transform your end-user experience, time is now against you. Microsoft has revealed the pricing for extended Windows 7 patches. If you are a Pro customer, the price is pretty steep. If you an Enterprise customer it’s still nothing to scoff at. If you haven’t started your migration work yet, you may not be able to complete 100% of the work before Windows 7 End of Life in January 2020 but even getting to 80% will lower the cost to your organization significantly next year and in the future.
Time and resources are always the biggest constraints. You obviously have limited time with the Windows 7 EoL just months away. If you do not have a large team to complete the project, you’ll also have limited resources meaning a full desktop transformation may not be possible at this time. Your minimal viable product may not feature transformative tech like a modern profile management solution, standardization on 64-bit across the entire company, significant security, modern application delivery, hardening, etc.
There are still some quick wins and various things you can do as part of the migration to set yourself up for transformation down the road.
Share this Post
1. Minimal viable product (MVP) considerations
If you have some critical legacy applications that you need to bring forward that are 16-bit, you may not have time to find a suitable path forward for these right now. This may prevent you from standardizing on 64-bit Windows 10. However, in order to make the most of modern hardware, it is still a good goal in the future to standardize on 64-bit and make a plan for your 16-bit applications.
You will need to gather a list of your applications for your migration anyway. You will also need to test applications and remediate any that do not work. Through the course of this project, you will be able to identify your 16-bit applications either through manual testing or by using an application compatibility tool like AppDNA. You can then set those aside for a future project to standardize on 64-bit.
If you do have 16-bit apps that just won’t work on Windows 10 or even today do not work on Windows 7 and require you to run these on an unsupported legacy OS, you could consider a container tool like Droplet Computing to help make these at least a little more agile.
In some cases, it’s not just 16-bit components that prevent adopting a 64-bit OS. Some organizations need to run old peripherals that do not have 64-bit drivers. Some applications will work on 64-bit but the vendor does not officially support 32-bit, depending on the application and the organization, this could also require keeping a 32-bit OS.
Tools and resourcesDroplet container for Windows.
Unified Extensible Firmware Interface (UEFI)
Another piece of the 64-bit puzzle will be UEFI. Standardizing on UEFI now will not only help modernize your desktops at a low level right now but will also help with 64-bit. Legacy BIOS used Master Boot Record which is 32-bit and limits the number of partitions and partition size allowed and in general, it limits the type of drives and drive size that can be used and much more. Legacy has become dated with hardware vendors favoring UEFI for several years now. If you haven’t already switched to UEFI, you should now. It should be part of your MVP.
Before you can really begin with creating your Windows 10 image, you’ll want a list of hardware you will support for your Windows 10 rollout. You will want to ensure you gather any and all drivers required by those hardware sets. If you are an Acer, Dell, HP, Lenovo or Microsoft hardware shop AND an SCCM user, you should check out the great Driver Automation Tool by Microsoft MVP, Maurice Daly.
You should also identify any and all peripherals in use in the organization to ensure the vendors certify and support these on Windows 10 e.g. printers, scanners, signature pads, etc.
Tools and resourcesDriver Automation Tool.
While it may be too late to consider significant security hardening and bringing in products like Credential Guard, Device Guard, etc. there are a few areas worth considering. Are users local admins today? Do they really need to be? As recently as 5 years ago some organizations felt caught in a trap by having users as local admins rather than figuring out if they could work as standard users. Applications have improved considerably in that time. You should be able to make that leap now if you have not already.
Did you turn on User Access Control (UAC) in Windows 7 or Windows 8? If not, this could be the right time to do it. This one is a little more risky for those with old applications. I would be willing to bet at this point, the vast majority of your applications will work without issue with UAC on. If they will not, your application compatibility analysis tools should tell you and if you are using AppDNA in particular, it gives you pretty specific instructions on how you can shim the applications to suppress the UAC prompts.
Some of the obvious security considerations here will be around anti-virus. Will you continue to use what you have today or use this time to switch to an alternative? Firewall and disk encryption alternatives may also be worth considering at this point but I strongly suggest you have these points addressed and in place before beginning your pilot phase of the project.
Recently, Microsoft’s Chris Jackson posted an article advising customers to no longer use Internet Explorer as their default browser. In the article, Chris doesn’t recommend any specific browser to move to but does let the readers know that using Enterprise Mode with Edge is an option. Microsoft also recently announced they will be changing to a browser using a Chromium base in future which looks like an end to Edge, at least in its current form. In a previous article, I discussed the state of the browser in enterprise IT and more specifically discussed deploying Chrome.
It’s evident that users want, and the enterprise needs, a suitable modern browser. You should decide what browser that will be and how you will manage it and test as part of your Windows 10 rollout.
If your current standard browser is Internet Explorer 10 or earlier, you may find you have a lot of work to do with bringing your web apps forward to IE11 or a modern browser.
This one is likely for the End User Computing team as they will be aware of what should and should not be in the image but it’s important to define this early to begin the work while the project is still getting formalized. You also need to decide a few things e.g.
What version of Windows 10 will the base image use? v1803? v1809?
At the time of this posting, the majority of Windows 10 enterprise users are migrating from v1709 to v1803.
You will also want to define what bloat should be taken out of the Windows 10 image e.g. games and applications your user won’t need and shouldn’t have.
What applications will get into the image? I typically put Microsoft products that are required by all users into the image for patching purposes and to expedite how long it takes to re-image a machine. The apps that go into your image will be unique to your organization.
If you are taking the opportunity to deploy Office 365, you’ll want to ensure you are testing this too.
Other ways to help your desktop transformation effort in future
I am not a huge advocate for application compatibility tools. The reporting can be inaccurate. However, for the purposes of bulk loading your applications and getting a high-level overview of the level of effort required makes it worth the effort, in my opinion.
You can also leverage this data for weeding out your 16-bit applications, applications that are likely to trigger UAC prompts, etc. All of which will help with the Windows 10 migration.
AppDNA can also report on whether an application is suitable for application virtualization and show applications that likely won’t work in a multi-user shared environment like RDSH etc. The end result is also a database of all of your applications, you can actually identify all applications that install files or registry into user locations which can be a big help in the future when rolling out a modern profile management solution like AppSense.
With AppDNA, you could also automatically convert your applications to App-V while performing the application compatibility analysis. It doesn’t mean you have to use or deploy the App-V application but doing this conversion can help slim down your desktop in future, expedite migrating applications into RDSH, and even help with a quick conversion to Microsoft’s new MSIX format which supports automated conversion from App-V, as they share the same universal applications standards.
Once the MVP has been defined, the End User Computing team should get started on creating the Windows 10 image.
Share this Post
2. Project planning
Once the decisions are made, you can set the scope of your project with the above guidelines for your minimal viable product. Before beginning the project work, you should carry out your project planning.
Assemble project team
You’ll want to gather a team spanning many different departments. You’ll need your field technicians who will support the rollout in your offices, you’ll need your End User Computing team with skills including image and build creation, application packaging and deployment. They should know the operating system very well. You may want to engage liaisons who can help with data rationalization and department outreach. It’s also important to engage with the leadership of these departments and the Windows 10 project stakeholders.
Acquire tools for completing the work
Your decided minimal viable product will likely determine some of the tooling you will use. You may need to acquire some of the tools, you may already own them. If you have a locked down well-managed environment, you can likely get away with pulling your application list from your current deployment tool e.g. SCCM. Otherwise, you’ll want to use something like Microsoft’s Upgrade Readiness tool, Microsoft Assessment and Planning Toolkit, ACT Collectors or LakeSide SysTrack.
If you have a large set of applications and a big team to manage, a tool like Migration Studio can really help with coordinating the project and managing parallel work streams.
If you decided to change anti-virus or any other critical piece, you’ll want to get these tools in place too.
Tools and resourcesUpgrade Readiness, Microsoft Assessment and Planning Toolkit and LakeSide SysTrack.
Some changes are NOT improvements. Find the right tools for your work.
The Snipping Tool that people grew to love in the past has seen major updates in recent releases of Windows 10 changing to the Snip & Sketch feature which suits some people’s workflows but has become quite the bugaboo for others who liked the ease of use with the Snipping Tool. It has been such a point of contention in my most recent Windows 10 migration project that the customer actually acquired TechSmith SnagIt licenses to address various department’s complaints.
I actually used App-V to deliver SnagIt and even to deliver some FSLogix (recently acquired by Microsoft) rules to ensure only those licensed to use SnagIt would see it on shared workstations.
Tools and resourcesFSLogix App Masking – Real-world examples
Set strategy based on time and resources allocated
Realistically, if you are just starting your Windows 10 migration now you are already up against it time-wise. In a medium to large sized organization, you will need several dedicated resources to get the majority of your PCs and Laptops upgraded to Windows 10 by January 2020. If you do not have the resources, this could define your strategy. The correct way to execute a Windows migration is to gather a list of your applications, which you could do with Upgrade Readiness tool, ACT Collectors or LakeSide SysTrack. You would then rationalize that list of applications e.g. does the organization really need 5 different PDF Creators? Why not bring it down to 1. It’s less work for your packaging team and will likely lead to cost savings. You have legacy versions of Java or Flash out there, are they really required? If so, why bring those forward?
Microsoft Assessment and Planning Toolkit can also gather some limited application related information and some very useful hardware level data.
If you do not have the people to complete this type of work you may have to rely on each department to provide you a list of the applications they require in order to do their jobs. You can then ensure this is something you already deployed to them via your software distribution tool today e.g. SCCM. If you did, you can just ensure they get that same package deployed to them on their new Windows 10 desktop and can test with that. It’s far from ideal but for small teams may be the only approach that’s feasible.
Create the official project plan
Based on the MVP and the strategy defined, you will want to map out each work item that must be completed for the project and assign a resource. Microsoft Project is an old favorite for Project Plans or you might use a more modern 3rd part app, that is up to you.
Setup project meetings and communication channel
You will want to have weekly project meetings as a group to ensure you are operating like a well-oiled machine. Communication is of vital importance for a successful project. You should also consider setting up an e-mail Distribution List for all involved in the project. Slack or Microsoft Teams can also be useful along with Migration Studio for real-time communication and checkpoints.
Tools and resourcesMigration Studio.
Identify pilot groups
You will need to identify departments that are good candidates to be your first Windows 10 users. It is very important to have all of the pieces in place for your MVP to ensure what these initial pilot groups are testing is representative of what all users will get. Remember, it’s also a way for you to test our your overall process and ensure it works well before proceeding with other departments.
To be successful you should ensure the first users in these pilot groups that get Windows 10 cover all relevant roles in that department e.g. if a department has level 1, 2 and 3. Ensure you get people of each level. If people have different work they do, make sure you get them too.
Draft migration schedule
Determine the other department you’ll be migrating after the pilot and what dates you plan to migrate them. It’s important to do this early because you may need to account for certain time constraints per department e.g. in healthcare some hospitals are busier in winter months than summer, finance departments are busy at the end of fiscal quarters and years, etc. You don’t want to disrupt the business.
Share this Post
3. Engineer & deploy
Finalize and test image
You should have already started creating your image and working on it before the project planning formally began. At this point, you should have all of the drivers relevant for the hardware you’ll be deploying on and you should know what apps will be part of your build.
You’ll want to get a sample of all of the different hardware you’ll be deploying to and test on each.
It is also very important to test data migration. If you use AppSense today on Windows 7, you may opt to migrate your user’s data using that. Otherwise, you may use Microsoft’s User State Migration Tool as part of your build process.
Tools and resourcesUser State Migration Tool (USMT)
Create Quick Start Guide & training document
You may want to publish a simple web page with an introduction to your new Windows 10 experience for users. You’ll also want to print a short Quick Start Guide to leave at each PC for your end users. Of course, next day support should be in their area to field any questions they might have but training material is always helpful both in the short and long term.
Application inventory collection
If you are well managed and intend to just refer to the packages and applications in your distribution tool today, you should export that list and ideally, get metrics on the apps that have the most deployment and highest utilization.
If not all apps in your organization are deployed via SCCM or another tool. You should deploy Upgrade Readiness tool, ACT Collectors or LakeSide SysTrack and gather a list of the applications on your users’ machines today and gather info on utilization to know which are the highest impact apps. It’s a good idea to deploy these tools pretty widely in the organization and to leave them out there for 2-4 weeks collecting data.
Optionally, you could just deploy these tools to each department as you tackle them for your deployment. E.g. We want to upgrade HR in 6 weeks. Let’s deploy the tool now. Gather the data and go from there.
If you detect applications that are not being utilized, you should talk to your department and determine if the application is required or not.
If you detect multiple different applications that provide the same function e.g. PDF Creator you should talk to each department using these and determine if you can standardize on just one.
The end result ideally is a shorter list of applications for you to deploy and test and hopefully fewer with application compatibility issues that require remediation.
Application compatibility analysis
Take your rationalized list of applications and run them through a tool like AppDNA. This will let you assign your packaging resources appropriately. You should be able to see which applications will require significant remediation efforts or even those that will just not work at all.
Application packaging and remediation
The good news is that your application compatibility analysis should not show too many big roadblocks. Microsoft has done a relatively good job assuring that your desktop application that works on Windows 7 today will work on Windows 10. The big exception will be if you use all 32-bit Windows 7 today and try to move to 64-bit. You may have a tougher time than others.
With Windows End of Life looming as I stated, you may not be trying to transform the desktop much due to lack of time and resources. In which case, you can hopefully just deploy the package you already use today on Windows 7.
Some application may require repackaging and remediation. This effort is usually the most complex and time-consuming part of a desktop migration project. DO NOT underestimate the level of effort required here. Ensure you leave enough time to get the apps complete for each department. You should consider bringing in extra help for this work.
It’s also worthwhile documenting any issues encountered per app and organizing all package, source media and documentation so you have them in future when attempting to transform the end user experience.
Further readingWindows 10 migration plan.
With a well-tested image, successful pilot and applications past the rationalization, analysis, packaging and remediation phase you should be ready to start rolling out Windows 10 to the masses. If you have multi-casting (which pretty much everyone does, you should verify with your Network Admins to be sure) you should be able to roll out to entire department relatively quickly. You shouldn’t deploy to too many departments at once. Only deploy to as many departments as you can provide next day support to.
4. Wrap up
When the migration is complete. Hold a final meeting to discuss lessons learned and further work required based on discoveries made during the migration effort.
Share this Post
About the author
Rory is Algiz Technology’s CTO Americas. A man of many talents, he’s a Microsoft Windows IT Pro MVP, international speaker and contributes to the online App-V community via his blog: Rorymon.com.
How can Source One Technology help?Source One Technology provides desktop support services to schools, businesses, churches, and nonprofits across Milwaukee, Waukesha, Kenosha and Racine counties.
Get in touch now to see how we can help you with your cloud migration and application security.