Windows 20H2 changes

read

Comparison of Windows 10 2004 and Windows 10 20H2 installations that might assist others who need to check off some of these things in their pre-deployment security review.

The details below are based on vanilla installs using the latest iso from a Visual Studio professional subscription.

References

Version

We reviewed 20H2 version 19042.630

New Group Policy Settings

Windows 10 20H2 Group Policy Reference (.xls)

The new settings:

Turn off cloud optimized content (cloudcontent.admx)
Allow Update Compliance Processing (datacollection.admx)
Allow Desktop Analytics Processing (datacollection.admx)
Allow WUfB Cloud Processing (datacollection.admx)
Configure the inclusion of Edge tabs into Alt-Tab (multitasking.admx)

Default Network Listener Changes

No big changes for the listening services or ports - RPC, SMB and some higher dynamic assignments (side note - stumbled on some new & interesting windows TCP reference information here)

Minor flag for TCP 5040 which is LISTENING by default (this was also active in 2004).

Belonging to:

The “Connected Devices Platform Service”

Service Changes

New for 20H2:

AarSvc_5017c
BcastDVRUserService_5017c
BluetoothUserService_5017c
CaptureService_5017c
cbdhsvc_5017c
CDPUserSvc_5017c
ConsentUxUserSvc_5017c
CredentialEnrollmentManagerUserSvc_5017c
DeviceAssociationBrokerSvc_5017c
DevicePickerUserSvc_5017c
DevicesFlowUserSvc_5017c
edgeupdate
edgeupdatem
MessagingService_5017c
MicrosoftEdgeElevationService
OneSyncSvc_5017c
PimIndexMaintenanceSvc_5017c
PrintWorkflowUserSvc_5017c
UdkUserSvc_5017c
UnistoreSvc_5017c
UserDataSvc_5017c
WLMS
WpnUserService_5017c

Most are just iterations with a version appended.

The real “new” services are:

edgeupdate
edgeupdatem
MicrosoftEdgeElevationService
WLMS

The following are in the default “running” state by default in 20H2 (but were not in 2004):

LicenseManager
sppsvc
WLMS

Service Change Summary:

93/252 Services are “running” by default in 20H2
101/248 in Windows 10 2004

The full 20H2 default service list and status is:

PS C:\Users\chad> get-service

Status   Name               DisplayName
------   ----               -----------
Stopped  AarSvc_5017c       Agent Activation Runtime_5017c
Stopped  AJRouter           AllJoyn Router Service
Stopped  ALG                Application Layer Gateway Service
Stopped  AppIDSvc           Application Identity
Running  Appinfo            Application Information
Stopped  AppMgmt            Application Management
Running  AppReadiness       App Readiness
Stopped  AppVClient         Microsoft App-V Client
Running  AppXSvc            AppX Deployment Service (AppXSVC)
Stopped  AssignedAccessM... AssignedAccessManager Service
Running  AudioEndpointBu... Windows Audio Endpoint Builder
Running  Audiosrv           Windows Audio
Stopped  autotimesvc        Cellular Time
Stopped  AxInstSV           ActiveX Installer (AxInstSV)
Stopped  BcastDVRUserSer... GameDVR and Broadcast User Service_...
Stopped  BDESVC             BitLocker Drive Encryption Service
Running  BFE                Base Filtering Engine
Running  BITS               Background Intelligent Transfer Ser...
Stopped  BluetoothUserSe... Bluetooth User Support Service_5017c
Running  BrokerInfrastru... Background Tasks Infrastructure Ser...
Stopped  BTAGService        Bluetooth Audio Gateway Service
Stopped  BthAvctpSvc        AVCTP service
Stopped  bthserv            Bluetooth Support Service
Running  camsvc             Capability Access Manager Service
Stopped  CaptureService_... CaptureService_5017c
Running  cbdhsvc_5017c      Clipboard User Service_5017c
Running  CDPSvc             Connected Devices Platform Service
Running  CDPUserSvc_5017c   Connected Devices Platform User Ser...
Running  CertPropSvc        Certificate Propagation
Running  ClipSVC            Client License Service (ClipSVC)
Stopped  COMSysApp          COM+ System Application
Stopped  ConsentUxUserSv... ConsentUX_5017c
Running  CoreMessagingRe... CoreMessaging
Stopped  CredentialEnrol... CredentialEnrollmentManagerUserSvc_...
Running  CryptSvc           Cryptographic Services
Stopped  CscService         Offline Files
Running  DcomLaunch         DCOM Server Process Launcher
Stopped  defragsvc          Optimize drives
Stopped  DeviceAssociati... DeviceAssociationBroker_5017c
Stopped  DeviceAssociati... Device Association Service
Stopped  DeviceInstall      Device Install Service
Stopped  DevicePickerUse... DevicePicker_5017c
Stopped  DevicesFlowUser... DevicesFlow_5017c
Stopped  DevQueryBroker     DevQuery Background Discovery Broker
Running  Dhcp               DHCP Client
Stopped  diagnosticshub.... Microsoft (R) Diagnostics Hub Stand...
Stopped  diagsvc            Diagnostic Execution Service
Running  DiagTrack          Connected User Experiences and Tele...
Running  DispBrokerDeskt... Display Policy Service
Stopped  DisplayEnhancem... Display Enhancement Service
Stopped  DmEnrollmentSvc    Device Management Enrollment Service
Stopped  dmwappushservice   Device Management Wireless Applicat...
Running  Dnscache           DNS Client
Running  DoSvc              Delivery Optimization
Stopped  dot3svc            Wired AutoConfig
Running  DPS                Diagnostic Policy Service
Running  DsmSvc             Device Setup Manager
Stopped  DsSvc              Data Sharing Service
Running  DusmSvc            Data Usage
Stopped  Eaphost            Extensible Authentication Protocol
Stopped  edgeupdate         Microsoft Edge Update Service (edge...
Stopped  edgeupdatem        Microsoft Edge Update Service (edge...
Stopped  EFS                Encrypting File System (EFS)
Stopped  embeddedmode       Embedded Mode
Stopped  EntAppSvc          Enterprise App Management Service
Running  EventLog           Windows Event Log
Running  EventSystem        COM+ Event System
Stopped  Fax                Fax
Stopped  fdPHost            Function Discovery Provider Host
Stopped  FDResPub           Function Discovery Resource Publica...
Stopped  fhsvc              File History Service
Running  FontCache          Windows Font Cache Service
Stopped  FrameServer        Windows Camera Frame Server
Running  gpsvc              Group Policy Client
Stopped  GraphicsPerfSvc    GraphicsPerfSvc
Stopped  hidserv            Human Interface Device Service
Stopped  HvHost             HV Host Service
Stopped  icssvc             Windows Mobile Hotspot Service
Stopped  IKEEXT             IKE and AuthIP IPsec Keying Modules
Stopped  InstallService     Microsoft Store Install Service
Running  iphlpsvc           IP Helper
Stopped  IpxlatCfgSvc       IP Translation Configuration Service
Running  KeyIso             CNG Key Isolation
Stopped  KtmRm              KtmRm for Distributed Transaction C...
Running  LanmanServer       Server
Running  LanmanWorkstation  Workstation
Stopped  lfsvc              Geolocation Service
Running  LicenseManager     Windows License Manager Service
Stopped  lltdsvc            Link-Layer Topology Discovery Mapper
Stopped  lmhosts            TCP/IP NetBIOS Helper
Running  LSM                Local Session Manager
Stopped  LxpSvc             Language Experience Service
Stopped  MapsBroker         Downloaded Maps Manager
Stopped  MessagingServic... MessagingService_5017c
Stopped  MicrosoftEdgeEl... Microsoft Edge Elevation Service (M...
Stopped  MixedRealityOpe... Windows Mixed Reality OpenXR Service
Running  mpssvc             Windows Defender Firewall
Stopped  MSDTC              Distributed Transaction Coordinator
Stopped  MSiSCSI            Microsoft iSCSI Initiator Service
Stopped  msiserver          Windows Installer
Stopped  NaturalAuthenti... Natural Authentication
Stopped  NcaSvc             Network Connectivity Assistant
Running  NcbService         Network Connection Broker
Stopped  NcdAutoSetup       Network Connected Devices Auto-Setup
Stopped  Netlogon           Netlogon
Stopped  Netman             Network Connections
Running  netprofm           Network List Service
Stopped  NetSetupSvc        Network Setup Service
Stopped  NetTcpPortSharing  Net.Tcp Port Sharing Service
Stopped  NgcCtnrSvc         Microsoft Passport Container
Stopped  NgcSvc             Microsoft Passport
Running  NlaSvc             Network Location Awareness
Running  nsi                Network Store Interface Service
Stopped  OneSyncSvc_5017c   Sync Host_5017c
Stopped  p2pimsvc           Peer Networking Identity Manager
Stopped  p2psvc             Peer Networking Grouping
Running  PcaSvc             Program Compatibility Assistant Ser...
Stopped  PeerDistSvc        BranchCache
Stopped  perceptionsimul... Windows Perception Simulation Service
Stopped  PerfHost           Performance Counter DLL Host
Stopped  PhoneSvc           Phone Service
Stopped  PimIndexMainten... Contact Data_5017c
Stopped  pla                Performance Logs & Alerts
Running  PlugPlay           Plug and Play
Stopped  PNRPAutoReg        PNRP Machine Name Publication Service
Stopped  PNRPsvc            Peer Name Resolution Protocol
Stopped  PolicyAgent        IPsec Policy Agent
Running  Power              Power
Stopped  PrintNotify        Printer Extensions and Notifications
Stopped  PrintWorkflowUs... PrintWorkflow_5017c
Running  ProfSvc            User Profile Service
Stopped  PushToInstall      Windows PushToInstall Service
Stopped  QWAVE              Quality Windows Audio Video Experience
Stopped  RasAuto            Remote Access Auto Connection Manager
Running  RasMan             Remote Access Connection Manager
Stopped  RemoteAccess       Routing and Remote Access
Stopped  RemoteRegistry     Remote Registry
Stopped  RetailDemo         Retail Demo Service
Running  RmSvc              Radio Management Service
Running  RpcEptMapper       RPC Endpoint Mapper
Stopped  RpcLocator         Remote Procedure Call (RPC) Locator
Running  RpcSs              Remote Procedure Call (RPC)
Running  SamSs              Security Accounts Manager
Stopped  SCardSvr           Smart Card
Stopped  ScDeviceEnum       Smart Card Device Enumeration Service
Running  Schedule           Task Scheduler
Stopped  SCPolicySvc        Smart Card Removal Policy
Stopped  SDRSVC             Windows Backup
Stopped  seclogon           Secondary Logon
Running  SecurityHealthS... Windows Security Service
Stopped  SEMgrSvc           Payments and NFC/SE Manager
Running  SENS               System Event Notification Service
Stopped  Sense              Windows Defender Advanced Threat Pr...
Stopped  SensorDataService  Sensor Data Service
Stopped  SensorService      Sensor Service
Stopped  SensrSvc           Sensor Monitoring Service
Running  SessionEnv         Remote Desktop Configuration
Running  SgrmBroker         System Guard Runtime Monitor Broker
Stopped  SharedAccess       Internet Connection Sharing (ICS)
Stopped  SharedRealitySvc   Spatial Data Service
Running  ShellHWDetection   Shell Hardware Detection
Stopped  shpamsvc           Shared PC Account Manager
Stopped  smphost            Microsoft Storage Spaces SMP
Stopped  SmsRouter          Microsoft Windows SMS Router Service.
Stopped  SNMPTRAP           SNMP Trap
Stopped  spectrum           Windows Perception Service
Running  Spooler            Print Spooler
Running  sppsvc             Software Protection
Running  SSDPSRV            SSDP Discovery
Stopped  ssh-agent          OpenSSH Authentication Agent
Running  SstpSvc            Secure Socket Tunneling Protocol Se...
Running  StateRepository    State Repository Service
Stopped  stisvc             Windows Image Acquisition (WIA)
Running  StorSvc            Storage Service
Stopped  svsvc              Spot Verifier
Stopped  swprv              Microsoft Software Shadow Copy Prov...
Running  SysMain            SysMain
Running  SystemEventsBroker System Events Broker
Running  TabletInputService Touch Keyboard and Handwriting Pane...
Stopped  TapiSrv            Telephony
Running  TermService        Remote Desktop Services
Running  Themes             Themes
Stopped  TieringEngineSe... Storage Tiers Management
Running  TimeBrokerSvc      Time Broker
Running  TokenBroker        Web Account Manager
Running  TrkWks             Distributed Link Tracking Client
Stopped  TroubleshootingSvc Recommended Troubleshooting Service
Stopped  TrustedInstaller   Windows Modules Installer
Stopped  tzautoupdate       Auto Time Zone Updater
Stopped  UdkUserSvc_5017c   Udk User Service_5017c
Stopped  UevAgentService    User Experience Virtualization Service
Running  UmRdpService       Remote Desktop Services UserMode Po...
Stopped  UnistoreSvc_5017c  User Data Storage_5017c
Stopped  upnphost           UPnP Device Host
Stopped  UserDataSvc_5017c  User Data Access_5017c
Running  UserManager        User Manager
Running  UsoSvc             Update Orchestrator Service
Stopped  VacSvc             Volumetric Audio Compositor Service
Stopped  VaultSvc           Credential Manager
Stopped  vds                Virtual Disk
Stopped  vmicguestinterface Hyper-V Guest Service Interface
Running  vmicheartbeat      Hyper-V Heartbeat Service
Running  vmickvpexchange    Hyper-V Data Exchange Service
Running  vmicrdv            Hyper-V Remote Desktop Virtualizati...
Running  vmicshutdown       Hyper-V Guest Shutdown Service
Running  vmictimesync       Hyper-V Time Synchronization Service
Stopped  vmicvmsession      Hyper-V PowerShell Direct Service
Running  vmicvss            Hyper-V Volume Shadow Copy Requestor
Running  VSS                Volume Shadow Copy
Stopped  W32Time            Windows Time
Stopped  WaaSMedicSvc       Windows Update Medic Service
Stopped  WalletService      WalletService
Stopped  WarpJITSvc         WarpJITSvc
Stopped  wbengine           Block Level Backup Engine Service
Stopped  WbioSrvc           Windows Biometric Service
Running  Wcmsvc             Windows Connection Manager
Stopped  wcncsvc            Windows Connect Now - Config Registrar
Running  WdiServiceHost     Diagnostic Service Host
Running  WdiSystemHost      Diagnostic System Host
Running  WdNisSvc           Microsoft Defender Antivirus Networ...
Stopped  WebClient          WebClient
Stopped  Wecsvc             Windows Event Collector
Stopped  WEPHOSTSVC         Windows Encryption Provider Host Se...
Stopped  wercplsupport      Problem Reports Control Panel Support
Stopped  WerSvc             Windows Error Reporting Service
Stopped  WFDSConMgrSvc      Wi-Fi Direct Services Connection Ma...
Stopped  WiaRpc             Still Image Acquisition Events
Running  WinDefend          Microsoft Defender Antivirus Service
Running  WinHttpAutoProx... WinHTTP Web Proxy Auto-Discovery Se...
Running  Winmgmt            Windows Management Instrumentation
Stopped  WinRM              Windows Remote Management (WS-Manag...
Stopped  wisvc              Windows Insider Service
Stopped  WlanSvc            WLAN AutoConfig
Running  wlidsvc            Microsoft Account Sign-in Assistant
Running  WLMS               Windows Licensing Monitoring Service
Stopped  wlpasvc            Local Profile Assistant Service
Stopped  WManSvc            Windows Management Service
Stopped  wmiApSrv           WMI Performance Adapter
Stopped  WMPNetworkSvc      Windows Media Player Network Sharin...
Stopped  workfolderssvc     Work Folders
Stopped  WpcMonSvc          Parental Controls
Stopped  WPDBusEnum         Portable Device Enumerator Service
Running  WpnService         Windows Push Notifications System S...
Running  WpnUserService_... Windows Push Notifications User Ser...
Running  wscsvc             Security Center
Running  WSearch            Windows Search
Running  wuauserv           Windows Update
Stopped  WwanSvc            WWAN AutoConfig
Stopped  XblAuthManager     Xbox Live Auth Manager
Stopped  XblGameSave        Xbox Live Game Save
Stopped  XboxGipSvc         Xbox Accessory Management Service
Stopped  XboxNetApiSvc      Xbox Live Networking Service

Significant Hardware Requirement Changes

No. Changes were in 2004.

End of Life Features:

The MBAE app experience is replaced by an MO UWP app. Metadata for the MBAE service is removed.

Interesting Issues & Issue Tracking:

Drivers: Microsoft are continuing their push for drivers that are signed correctly. They’re tracking it as an “issue” but the “fix” is to contact the vendor and have them get in line with a new driver. This is a good thing. link.
Microsoft have a really great issue tracking site https://docs.microsoft.com/en-us/windows/release-information/status-windows-10-20h2

Default PowerShell Version Information

20H2:

    PS C:\Users\chad> $PSVersionTable
    
    Name                           Value
    ----                           -----
    PSVersion                      5.1.19041.1
    PSEdition                      Desktop
    PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
    BuildVersion                   10.0.19041.1
    CLRVersion                     4.0.30319.42000
    WSManStackVersion              3.0
    PSRemotingProtocolVersion      2.3
    SerializationVersion           1.1.0.1

2004:

    PS C:\Users\chad> $PSVersionTable
    
    Name                           Value
    ----                           -----
    PSVersion                      5.1.19041.546
    PSEdition                      Desktop
    PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
    BuildVersion                   10.0.19041.546
    CLRVersion                     4.0.30319.42000
    WSManStackVersion              3.0
    PSRemotingProtocolVersion      2.3
    SerializationVersion           1.1.0.1

Servicing Notes

Windows 10, version 2004 and Windows 10, version 20H2 share a common core operating system with an identical set of system files. As a result, the new features in version 20H2 were included in the monthly quality updates for version 2004 released on September 8, 2020, but were delivered in a disabled/dormant state. These features remain dormant until they are turned on with the Windows 10, version 20H2 enablement package: a small, quick to install “switch” that activates these features. Using an enablement package, the update to Windows 10, version 20H2 should take approximately the same amount of time as it does to install monthly quality updates. ref.

Also:

Starting with Windows 10, version 20H2, LCUs and SSUs have been combined into a single cumulative monthly update, available via Microsoft Catalog or Windows Server Update Services.