• United States



Contributing Writer

8 steps to make sure Microsoft Windows 10 1903 is ready for deployment

Jun 19, 20196 mins
Network SecuritySecuritySmall and Medium Business

Follow these steps to identify problems that might crop up when you update to the Windows 10 1903 release.

windows 10 windows microsoft laptop keyboard update  by nirodesign getty
Credit: NiroDesign / Getty Images

The May 2019 release of Microsoft Windows 10 1903 is now available to all who click on “check for updates” as long as there is no blocking issue with the machine. Microsoft is no longer using the term “semi annual targeted” in respect to Windows releases. Nor will it use “current branch” or “current branch for business,” the terms that Microsoft used for previous releases.

These had been indicators that the releases were vendor tested, approved and ready for widespread deployment. Without these indicators, how can you determine if your firm is ready for deployment of security and other Windows updates? Here are some tips

1. Follow known issues online

You can follow the known issue page for 1903 to review what issues Microsoft is tracking and when they will be resolved. One new way to track issues is to follow the Windows Update twitter account. As they post late-breaking known issues, you’ll be alerted to investigations and resolutions that Microsoft has identified.

2. Review your security software for 1903 support

You should also review what security software you use in your environment and if it supports 1903. Several vendors have already had issues with 1903 and some even recommend holding off until the issues are fixed. Next look to any tools you use to deploy or manage your operating systems and determine if they support 1903.

3. Make sure you have the latest servicing stack

For a successful updating experience, ensure that you have the latest servicing stack update installed on the build of Windows 10 you are upgrading from. It is not necessary to be on Windows 10 1809 before updating to Windows 10 1903. You can skip feature releases and jump to the version your software is supported on.

4. Review line-of-business software for .NET 4.8 support

Before deploying any new feature release, review the key line-of-business (LoB) software that your business depends on. If you do not have such a master list, use any number of PowerShell Scripts to inventory and build a report. Review this listing and identify the software that is key to your firm. Pay attention to LoB support of .NET. Some LoB software specifically only supports a certain version of .NET and you must wait for vendor approval before updating. The 1903 release specifically includes .NET 4.8 in its release. In a change from the past, .NET 4.8 is now also separately available to be installed on prior versions of Windows 10 feature releases.

5. Deploy on a test bed before going live

Even with published vendor support documentation, the best way to deploy Windows 10 either as an upgrade to Windows 7 or new deployments to Windows 10 is probably to have a test-bed deployment. Identify key departments in your organization that need to maintain full productivity. Next, identify a few individuals in those departments that will be both your beta testers as well as your tech enthusiasts for the department.

The beta testers should have good communication skills and regularly use a variety of software that your firm depends on. Empower these users with special feedback processes and help desk communication so that they get priority. It can be as simple as ensuring they know how to use the steps recorder app in Windows 10 and they have an email alias they can send reports to.

6. Check apps for browser support

Review what browsers your applications support. If they still rely on older Internet Explorer technologies, ensure that a feature release is compatible with any internal software you depend on.

7. Take time to review the fixed issue list

I review the fixed issue list in the various feature releases for a few months before determining if they are ready for deployment. In particular, look at the releases that come toward the end of each month and review what bugs have been fixed and if they would have affected you. These end-of-month releases are called C/D week releases and are previews of bug fixes that will be included in the following months second Tuesday security releases. They give an indication of how buggy a release might be. For example, for 1903, the first bug fixes in the late May release included fixes that addressed issues that:

  • Prevent custom URI schemes for application protocol handlers from starting the corresponding application for local intranet and trusted sites on Internet Explorer.
  • Prevent certain apps from launching when you set folder redirection for the Roaming AppData folder to a network path.
  • Turn off night-light mode during display mode changes.
  • Distort the rendering of a full-screen game when the Microsoft Game bar is visible on top of the game.
  • Prevent the removal of Bluetooth peripheral devices from some systems with specific Bluetooth radios.
  • Cause event 7600 in the Domain Name System (DNS) server event log to contain an unreadable server name.
  • Create a mismatch between dots per inch (DPI) of the guest and the host.
  • Cause an external USB device or SD memory card to be reassigned to an incorrect drive during installation. 
  • Prevent a file share witness from removing Server Message Block (SMB) handles, which causes a server to eventually stop accepting SMB connections.
  • Prevent an application protocol URL from being opened when hosted on an intranet page.
  • Prevent BranchCache from using more disk space than assigned for the republication cache when it’s in distributed cache mode. To fully address the issue, devices that have exceeded the disk space assignments should empty BranchCache using the netsh branchcache flush command.
  • Prevent some Direct3D applications and games from entering full-screen mode if the display’s orientation has been changed from the default.
  • Prevent a problem creating a Windows catalog file on an x64 system using Windows System Image Manager.
  • Cause a delay when loading many unsigned DNS zones related to the Domain Name System Security Extensions (DNSSEC) feature.
  • Prevent a problem related to input–output memory management unit (IOMMU) virtualization with third-party hypervisors

8. Review your deployment and provisioning policies

If you do not see any major issues that would impact you, and your pilot testing does not identify any issues, it’s probably safe to begin the rollout. Finally start reviewing processes that you currently use for deploying and provisioning systems. Windows 10 Autopilot, SCCM and Intune are all making changes and improvements to make getting Windows 10 out to end users faster and less painful for you the IT administrator. Start testing 1903 now.

Contributing Writer

Susan Bradley has been patching since before the Code Red/Nimda days and remembers exactly where she was when SQL slammer hit (trying to buy something on eBay and wondering why the Internet was so slow). She writes the Patch Watch column for, is a moderator on the listserve, and writes a column of Windows security tips for In real life, she’s the IT wrangler at her firm, Tamiyasu, Smith, Horn and Braun, where she manages a fleet of Windows servers, Microsoft 365 deployments, Azure instances, desktops, a few Macs, several iPads, a few Surface devices, several iPhones and tries to keep patches up to date on all of them. In addition, she provides forensic computer investigations for the litigation consulting arm of the firm. She blogs at and is on twitter at @sbsdiva. She lurks on Twitter and Facebook, so if you are on Facebook with her, she really did read what you posted. She has a SANS/GSEC certification in security and prefers Heavy Duty Reynolds wrap for her tinfoil hat.

More from this author