Archive
Configuration Manager current branch 2509 available as baseline
With the latest update to Configuration Manager (CM) current branch (version 2509) we’ve finally received new baseline version we can use for new site deployments. Previous baseline version is 2403 and was supported until 22nd of October, 2025. If we had any new site deployments in the last month or two, we had to go first through the deployment of an unsupported product and later on update it to the supported version (2409 and/or 2503). Since CM evaluation links are not yet updated with new baseline version, we still have to do this type of double deployment for evaluation deployments (if we want to use up-to-date systems). The same applies as well to the Windows 11 and Microsoft 365 Deployment Lab Kit download – it was updated in November 2025 with Windows 11 25H2 images, but the Configuration Manager current branch version preinstalled is as of this writing still at version 2403.
Version 2509 is currently available as an in-console update to those that are already running Configuration Manager current branch in their environment. If not, we can find baseline media on the Volume License Service Center or on Microsoft Visual Studio Download center.
General enhancements in version 2509:
- version 2509 of Configuration Manager focuses on security and quality updates (KB35877153)
- Windows 11 25H2 support
- Boot images can be automatically updated to use latest Windows Boot Loader (signed with Windows UEFI CA 2023) – only works on WDS-Less PXE-enabled Distribution Points
- Service Connection Tool improvements (better logging and error handling)
- minimum SQL 2016 or later version
- more info available at: What’s new in version 2509
More information about Configuration Manager versions, support end dates, baselines, hotfixes and more, we can find at Updates and servicing for Configuration Manager.
Windows Server 2025 and System Center 2025 are GA
Windows Server 2025 has officially launched, marking a significant advancement in the Windows Server platform. This release aims to provide a secure, high-performance environment tailored to meet an array of customer requirements. With Windows Server 2025, organizations can deploy applications in various settings, including on-premises, hybrid, and cloud environments.
Enhanced Security Features
In today’s landscape where cybersecurity is paramount, Windows Server 2025 introduces a comprehensive suite of security features designed to protect both data and infrastructure. Significant security enhancements include:
- Active Directory Improvements: Active Directory, recognized for its identity and authentication capabilities, now incorporates new security features to enhance resilience against evolving threats. Improvements include updated protocols, encryption mechanisms, hardening techniques, and new cryptographic support, all aimed at increasing scalability and robustness.
- SMB Hardening: The inclusion of SMB (Server Message Block) over QUIC facilitates secure access to file shares via the internet. Additional security measures within SMB have been implemented, such as hardened firewall defaults, mechanisms to prevent brute force attacks, and defenses against man-in-the-middle, relay, and spoofing attacks.
- Delegate Managed Service Accounts: With Delegate Managed Service Accounts (dMSAs), manual password management is no longer necessary as Active Directory automates this process. This feature allows for specific permissions to be delegated for resource access within the domain, which mitigates security risks and enhances accountability through better visibility and logging of service account activities.
These advancements position Windows Server 2025 as a formidable platform for IT infrastructure, making it an imperative for organizations to commence evaluations immediately.
Hybrid Cloud Capabilities for Greater Agility
Windows Server 2025 also brings forth new hybrid cloud capabilities that significantly boost operational flexibility and connectivity. Key features include:
- Hotpatching via Azure Arc: This feature introduces a subscription service that allows on-premises customers to benefit from cloud-like advantages, such as automatic updates and minimized disruptions. Hotpatching ensures security updates can be applied with fewer reboots, catering to Azure Arc-enabled Windows Server 2025 deployments.
- Simplified Azure Arc Onboarding: Integration with Azure Arc allows organizations to leverage Azure’s functionality directly within their data centers. This seamless onboarding enhances the management of hybrid and multicloud environments, improving security and operational versatility.
- Software-Defined Networking (SDN) Multisite Features: Windows Server 2025 includes L2 and L3 connectivity options that facilitate seamless workload migration. This includes unified management of network policies to maintain consistent security and performance standards across diverse cloud environments.
These features make Windows Server 2025 a suitable choice for organizations aiming to maximize their IT infrastructures while harnessing both on-premises and cloud capabilities.
Performance and Scalability for Advanced Workloads
Tailored to accommodate demanding workloads, including AI and machine learning, Windows Server 2025 boasts several performance-oriented features:
- Enhanced Hyper-V Capabilities: The platform supports GPU partitioning and can process substantial data sets efficiently, offering a high-performance environment conducive for AI and traditional applications alike. Features such as live migration and high availability ensure operational continuity.
- Improved Storage Performance: Windows Server 2025 delivers up to 60% more storage IOPS performance compared to its predecessor. This significant enhancement in storage capabilities is particularly beneficial for applications that rely on fast data access.
- Storage Innovations: The release continues Windows Server’s legacy of supporting various storage solutions, while introducing innovative features like Native ReFS deduplication, compression, thinly provisioned Storage Spaces, and Storage Replica Compression, now available in all editions.
- Scalability in Hyper-V: With advancements inherited from Azure, Windows Server 2025 significantly increases Hyper-V virtual machine capacities, including a maximum memory configuration of 240 Terabytes and 2048 virtual processors per VM.
These developments position Windows Server 2025 as an exceptional option for organizations seeking a robust virtualization solution while also delving into AI and machine learning capabilities with high efficiency.
System Center 2025 Availability
System Center 2025 is now generally available! This release marks a significant milestone in enhancing datacenter operations, focusing on infrastructure modernization and security. Released alongside Windows Server 2025, it allows you to leverage the newest Windows Server features with integrated management tools.
Security is paramount in today’s threat landscape. System Center 2025 bolsters security with reductions in scenarios using CredSSP and NTLM, TLS 1.3 support, and enhanced data security features on Microsoft Azure. Flexible data protection strategies include virtual TPM (vTPM) support and optimizing backup processes in Hyper-V environments.
Service Provider Foundation (SPF) is discontinued, with SPF 2022 remaining compatible for a transition period. Users are encouraged to switch to Azure Arc-enabled SCVMM, enhancing virtual machine management with unified operations like start, stop, and resize, under Azure’s RBAC.
System Center Operations Manager 2025 offers full support for Windows Server 2025, embraces OpenSSL 3.1 to 3.3 for cryptographic security, and improves browser compatibility, all enhancing system management and security.
Data Protection Manager (DPM) 2025 supports Windows Server 2025, employs Azure Key Vault for passphrase storage, and ensures vTPM settings continuity in VM restorations, integrating advanced cloud security to bolster protection strategies. New in DPM 2025 is also support for protection of SharePoint Subscription Edition and virtual TPM (vTPM) support for VMware.
Virtual Machine Manager 2025 leverages Windows Server 2025, extends management to Azure Stack HCI 23H2 clusters, adopts TLS 1.3 for enhanced security, and supports latest Linux distributions, optimizing complex environments’ management.
System Center 2025 is a comprehensive upgrade addressing modern IT needs with elevated security, cloud capabilities, and user-centric innovations. It enables efficient and secure infrastructure management for both on-premises and cloud environments.
Ready to upgrade? Explore the System Center product site, try a free trial at the Evaluation Center, and learn about Windows Server 2025.
More information and download links:
- What’s new in Windows Server 2025
- Windows Server 2025 known issues and notifications
- Windows Server 2025 Security Book
- Windows Server release information
- Revolutionizing Network Management and Performance with ATC, HUD and AccelNet on Windows Server 2025
- A New Dawn of Software Defined Networking (SDN) in Windows Server 2025
- Windows Server 2025 download (ISO & VHD, 180-day trial)
- System Center 2025 download (EXE, 180-day trial)
Windows Server 2025 – preview build 26080
Last week on 13th of March Microsoft announced (RSS) new preview release of Windows Server 2025 (Windows Server Long-Term Servicing Channel (LTSC), build 26080). This preview build contains both the Desktop Experience and Server Core installation options for Datacenter and Standard editions, Annual Channel for Container Host and Azure Edition (for VM evaluation only):
To download evaluation (build 26080 will expire after September 15, 2024) version of new Windows Server 2025, go to Windows Insider Preview Downloads. To download preview Server versions, you need to be a member of the Windows Insider program. If you are not yet an insider, you can register for free here.
Besides English (US) version, you can also test server in few other languages:
Two of the most interesting changes in this new release are:
– Win32-OpenSSH server component is now installed by default,
– winget in Windows Server with Desktop Experience.
Starting in Windows Server 2025 the Win32-OpenSSH server side component (SSHD) will ship installed by default and if/when needed, it just needs to be enabled/disabled:
By default, when SSH is enabled, it will allow inbound connection on private networks (only) on the default TCP port 22. New local group “OpenSSH Users” can be used to allow remote connectivity for non-admin users.
Enable command that is executed in the background:
Get-Service -Name sshd | Set-Service -StartupType Automatic -PassThru | Start-Service
Disable command that is executed in the bckground:
Get-Service -Name sshd | Set-Service -StartupType Manual -PassThru | Stop-Service -Force
To customize default SSH config, you can edit file “C:\ProgramData\ssh\sshd_config”.
Some of the defaults:
AllowGroups administrators “openssh users”
HostKey PROGRAMDATA/ssh/ssh_host…
AuthorizedKeysFile .ssh/authorized_keys
Match Group administrators
AuthorizedKeysFile PROGRAMDATA/ssh/administrators_authorized_keys
Winget (Windows Package Manager) is command-line tool originally available on Windows 11 and modern versions of Windows 10. It allows admins and users to manage (install, uninstall, upgrade,…) locally installed applications. Winget is designed to help you quickly and easily discover and install custom software packages (by default from two sources: winget and msstore, with support for more).
Until you start managing applications with a solution like AppLocker, you might want to use GPO to disable winget.
If you want to test matching version of Windows Client, you can also download Windows 11 Insider Preview Build 26080:
Since Windows 11 Insider Preview Build 26052 you can natively run sudo on Windows 11, you just need to enable it:
Unlike winget, for this one I do hope it gets added to Windows Server at some point…
More info:
– Announcing Windows Server Preview Build 26080
– Introducing Sudo for Windows
Microsoft news in June 2019
So far June has been busy month for Microsoft. Few of the recent announcements I want you to know about:
– Microsoft Azure Bastion – private and fully managed RDP and SSH access to virtual machines (blog)
– AaronLocker performance and feature updates (blog)
– Microsoft Hyper-V Server 2019 available for download (ISO)
– Sysinternals updates
– Sysmon v10.01 – adds support for DNS query logging
– Autoruns for Windows v13.95 – adds support for user Shell folders redirections
– Windows To Go (WTG) – Feature Deprecation in Windows 10 1903
– PowerShell v7.0.0-preview.1 Release
– Azure Multi-Factor Authentication Server goes Cloud-Only – As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments.
– Microsoft Edge Insider Channels receives update on Canary channel – brings preview for Windows 7, Windows 8, Windows 8.1 and macOS (*)
– SCCM Client extension for Windows Admin Center (more info) (*)
– Windows Insider Lab Kit (Olympia v2) updated to version 5.7 (*)
– Windows and Office Deployment Lab Kit updated to version 1903 (*)
* added after initial blog post
System Center 2019 is here
For all of us that started playing with Windows Server 2019 at the end of last year, we also wanted to start playing with System Center 2019 ASAP. That day has come – Microsoft just started releasing System Center 2019 products.
On Microsoft Download Center you can find System Center 2019 Evaluation VHDs:
- System Center Orchestrator 2019 – Evaluation (VHD)
- System Center Service Manager 2019 – Evaluation (VHD)
- System Center Operations Manager 2019 – Evaluation (VHD)
- System Center Virtual Machine Manager 2019 – Evaluation (VHD)
- System Center Data Protection Manager 2019 – Evaluation (VHD)
and
Downloads for the installers are also available on Microsoft Evaluation Center.
If you have MSDN subscription or if you are active MCT, you can also download all the DVDs for System Center 2019 Products at https://my.visualstudio.com.
If you have access to Volume Licensing Service Center (VLSC), you can find new System Center 2019 product DVDs available for download at https://www.microsoft.com/Licensing/servicecenter/.
For those of you that just want to check out System Center 2019 products, downloading pre-build environment is a good option – fast and easy way to test the product without deploying it into your environment. Here you can find short PowerShell script that will help you automate the download part of this endeavor (Download SC2019 GA VHD Eval.ps1).
I’ve also put together PowerShell script that can download all System Center 2019 evaluation EXEs from Microsoft Evaluation Center: Download SC2019 GA Eval.ps1.
If you ponder about System Center 2019 products and can’t really put your finger on why you might want them, you can check this blog for short overview ( Windows Server Blog – Now available: Microsoft System Center 2019!).
One big news that came with System Center 2019 is that Microsoft will no longer release SAC (Semi-Annual Channel) versions of System Center products. They decided to go back to the “old” model of “LTSC” (Long-Term Servicing Channel) that provides five years of mainstream support and five years of extended support (with Update Rollups providing the incremental fixes and updates).
System Center Configuration Manager (SCCM) is not impacted by the 2019 release change and will continue current branch release cadence of three times per year as noted in the documentation, “Support for Configuration Manager current branch versions”.
Going down the IT rabbit hole 