Top ten enterprise features in the Windows 10 October Update
Image 1 of 9
As well as the improvements to the Windows and Edge user interfaces and consumer tools like Mixed Reality Flashlight, the Windows 10 October 2018 update comes with some solid improvements aimed at enterprises, especially in security.
There’s a simpler user interface for users to see the state of their systems, which is now just called Windows Security. You can see the highlights under Settings / Update & Security / Windows Security, or launch the full view from there or directly via the system tray. The ‘Virus & threat protection’ section shows any action you need to take to protect your system, and includes some new controls that you can also manage centrally.
If you’re not already controlling Windows Defender Application Guard (WDAG, which opens Edge in an isolated VM for security), there’s now a link to install it from the App & browser control section of Windows Security, under ‘Isolated browsing’. With WDAG on, you can use Group Policy to allow files to be downloaded in Edge to the host PC: under Administrative Templates / Windows Components / Windows Defender Application Guard, select ‘Allow files to download and save to the host operating system’ from Windows Defender Application Guard.
Controlled folder access stops ransomware corrupting files, but this can also block legitimate apps from editing common folders like Documents and Pictures. To fix this, choose Windows Security / Virus & threat protection settings / Ransomware protection / Manage ransomware protection, and select ‘Allow an app through controlled folder access’ and ‘Add an allowed app’.
You can now block DMA access for Thunderbolt devices while a PC is locked — which can be an attack vector — using the IOMMU. Choose Device security / Core isolation / Core isolation details and set ‘Memory integrity’ to on. External GPUs connected via Thunderbolt 3 can be safely ejected from the Safely Remove Hardware and Eject Media icon in the system tray.
Windows Security now integrates third-party tools. Choose Settings / Security providers / Manage providers to see all the antivirus, firewall and web protection agents running on a device.
Edge also has some HTTP/2 improvements. As well as using connection coalescing to speed up sites that use sharding (which improved performance for HTTP/1.1 but slows down HTTP/2), it can cope with sites that list cipher suites in the wrong order. Instead of terminating the connection, it negotiates the correct encryption from the server’s list of allowed and banned protocols.
Command line and WSL improvements
The October 2018 Update adds a brand new pseudo-console infrastructure, ConPTY, that allows console applications (from Microsoft or other software developers) to use UTF-8 encoded text/VT connections to command-line applications instead of calling the Windows Console API. That improves compatibility with the command-line interfaces of Linux binaries you run with Windows Subsystem for Linux (WSL) and unlocks new features like the 16 million RGB colours that Windows supports at the command line that aren’t being added to the Console API.
The Windows Console already supports using Ctrl-C and Ctrl-V for copy and paste, but for Bash and other Linux shells that you can use with WSL you may prefer to save Ctrl-V and insert the next key combination you press without running it (Ctrl-C works as cancel, but only when a process is running, so you wouldn’t be able to copy anyway). If you want alternative copy and paste shortcuts, right-click on the title bar of any Console window and choose Properties then select ‘Use Ctrl+Shift+C/V as Copy/Paste’ to turn on those shortcuts.
You can now launch a Linux shell for the current folder from File Explorer, not just a command prompt or PowerShell console. Hold down Shift and right-click on the folder name, then choose ‘Open Linux shell here’. If you’re already in the folder, type ‘bash’ into the address bar.
WSL processes now go through the Windows Firewall and can have firewall rules and exceptions applied. So if you run an SSH or web server in WSL, you’ll see the Windows Firewall prompt to open an outside port, the same as with native Windows processes.
There’s a new wizard to make it easier to set a device up as a single-app kiosk or digital sign. To create the kiosk account and assign the app to run, choose Accounts / Family & other users / Set up a kiosk / Assigned access / Get started. Edge also now has a kiosk mode with either a single website running full screen or multiple tabs; both use InPrivate. For a multi-app kiosk, you can also run a full version of Edge.
Non-admin font install
Previously, Windows fonts have been installed for all users, so installing a font needed admin privileges. That meant either giving any user who needed to install new fonts an admin account, or making them wait for an admin to log in and approve the install. Fonts from the Windows Store already install without admin privileges, and in 1809 that also applies to any font. Right-click on the font file in File Explorer and choose ‘Install’ rather than ‘Install for all users’. If the font is in a ZIP file, you can’t right-click, but you can double-click the font to open it in the font previewer and click ‘Install’.
Change system font sizes
As well as several improvements to the accessibility tools like Narrator and Magnify, it’s now easier to change the font size across Windows — including Start, Settings, control panels and apps like File Explorer — to help users who find it hard to read small fonts. Choose Settings / Ease of Access and drag the slider under ‘Make text bigger’ to a comfortable size.
Leap second support
Windows 10 now supports the occasional leap seconds used to adjust UTC time about every 18 months, a new precision time protocol for organisations that need the highest accuracy for industrial, weather or flight control uses, and more accurate network timestamps that remove the delay introduced by Windows networking. Windows Security / Device performance & health now covers the Windows time service; if your device time or date is so wrong that it can’t connect to a time server to sync the correct time, you’ll see an option to turn time syncing back on.
More details on power use
Task Manager now includes ‘Power usage’ and ‘Power usage trend’ columns that show how much power an app uses — including CPU, GPU and disk usage — to help diagnose apps that could be responsible for poor battery life.
Wireless projection bar
When you project your PC screen wirelessly to a second screen or another PC, a bar now appears at the top of the screen, much like when making a Remote Desktop Connection. This puts the Disconnect button where you can easily find it and also lets you pick the screen latency. Games mode minimises screen latency, Video mode increases latency so videos play more smoothly, and Productivity is in the middle to balance responsive typing and smooth screen updates.
tLTE mobile broadband in Windows 10 now uses the new Net Adapter driver framework as the default for generic drivers, both for USB modems and SIM cards connected over the internal USB bus. This is shown in Device Manager as the Generic Mobile Broadband Cx Net Adapter. If that causes problems, you can go back to the Mobile Broadband Adapter driver. (This doesn’t apply if you have hardware-specific drivers, like in the ARM-based Always Connected PCs.)
tWhichever driver you use, you can now see roaming data consumption under Settings / Network & Internet / Data usage.
- Windows 10 power tips: Secret shortcuts to your favorite settings (Tech Pro Research)
- How to avoid installing Windows 10 crapware (free PDF) (TechRepublic)
- Top ten features in the Windows 10 October 2018 Update (TechRepublic)