Why it matters to you
The Windows 10 S restrictions imposed by Microsoft create a secure environment for students but it could be a hassle for IT professionals.
Microsoft introduced its seemingly long-awaited Surface Laptop during a special education-themed event in May. Powering this device was a new version of Windows 10 with an ‘S’ slapped at the end of its name. Right off the bat, we knew that the platform would only enable the use of Microsoft-sanctioned apps sold through the Windows Store. But the scope of Microsoft’s Windows 10 S restrictions goes way beyond a simple app lock-down.
For clarification, the Windows 10 S restrictions require that all apps and drivers have a Windows Store signature. That means users can’t side-load apps even if they are based on Microsoft’s Universal Windows Platform design. But that also means companies and institutions cannot install their in-house solutions used on Windows 10 Pro and Windows 10 Enterprise. Moreover, driver packages cannot include “non-Microsoft UI components or applications.”
As Microsoft previously confirmed, the Windows 10 S restrictions prevent users from installing Google Chrome, Mozilla Firefox, and other internet browsers unless the developers create versions for distribution through the Windows Store. Thus, Microsoft Edge is the only browser that can be used and Microsoft is also preventing users from changing the default search engine from Bing.
Another problem stemming from the Windows Store lockdown is that Windows 10 S users cannot install third-party anti-virus, disk utility, and backup products that rely on file system filter drivers. That said, Windows 10 S forces users to rely on the built-in Windows Defender component, which is not a bad thing, but could pose a problem in institutions where IT pros manage the security of multiple devices with one solution.
That is not the only headache for IT. Devices with Windows 10 S cannot join a Windows domain. That means they cannot be managed by Active Directory either and must be handled through Azure Active Directory, a “multi-tenant cloud based directory and identity management service.”
Outside the Windows Store requirement, the Windows 10 S restrictions include blocking specific built-in Windows 10 components from running at all. These include:
- bash.exe
- cdb.exe
- cmd.exe
- cscript.exe
- csi.exe
- dnx.exe
- kd.exe
- lxssmanager.dll
- msbuild.exe
- ntsd.exe
- powershell.exe
- powershell_ise.exe
- rcsi.exe
- reg.exe
- regedt32.exe
- windbg.exe
- wmic.exe
- wscript.exe
As of this publication, Microsoft has yet to provide detailed information outlining the Windows 10 S restrictions and benefits. The company also has not provided evaluation copies for IT pros to test, which are usually served up on Microsoft-owned sources including MSDN. The platform, it seems, is only found on the new Surface Laptop … for now.
The point behind Windows 10 S is to combat Google’s popular Chrome OS platform powering Chromebooks in the education arena. Although the Surface Laptop does not sport the price you expect for the average student, many models packing the Windows 10 S operating system will be low enough to give low-cost Chromebooks a hard time on the market. Microsoft is mainly targeting students with its Windows 10 S initiative and users can always upgrade to Windows 10 Pro if the limiting Windows 10 S restrictions get too cumbersome.