Infrastructure preparations for Windows 10

Let me start my series of Windows 10 posts with some basic information, even if most of it was already published earlier all around the internet. Anyway, it is a good summary and should be included in a blog about Windows 10 😉

In order to implement Windows 10 in your environment, these are the required prerequisites:

KMS server

If your KMS server is already running on Windows Server 2012 R2, install the KMS key for Windows 10. Further information can be found here:

If your KMS server is running on an older version of Windows, you can either install the required update:

Or seize the opportunity and upgrade your KMS server to Windows Server 2012 R2 (recommended)

Software Updates

Enable updates for Windows 10 in your WSUS server / ConfigMgr Software Update Point

Group Policies

Download the Group Policy templates for Windows 10 and add them to your Central Store (download link for Windows 10 1511):

Windows as a service

Windows as a service requires WSUS 4.0 (which means you need a Windows Server 2012 R2 server hosting the WSUS server / ConfigMgr Software Update Point). Note: ConfigMgr 1602 supports an inplace upgrade of Windows Server 2008 R2 to Windows Server 2012 R2.

Windows as a service also requires an update for WSUS:


Download and install the latest (!) Windows Assessment and Deployment Kit for Windows 10 1511:


If you are still running System Center Configuration Manager 2012 R2 SP1, first update your ConfigMgr hierarchy to ConfigMgr 1511 and finally to ConfigMgr 1602. Nevertheless, you can start implementing a Windows 10 Wipe and load deployment with ConfigMgr 2012 R2 SP1 and upgrade your hierarchy during your Windows 10 development phase.


If you are using MDT, update to MDT 2013 Update 2 (supports Windows 10 inplace upgrade task sequence):


If you are using MBAM to manage your Bitlocker-encrypted devices, plan the update to MBAM 2.5 SP1. Note: MBAM 2.5 already supports Windows 10, but MBAM 2.5 SP1 adds new features on Windows 10 devices like pre-boot recovery messages and the new MBAM clients supports Used Space Encryption: