Windows 10 Versions: Home Vs Pro Vs Enterprise

Den W. Den W. 03 June
Windows 10 Versions: Home Vs Pro Vs Enterprise

Windows 10 comes in a number of different editions, but which one should you buy? Is it worth paying for Pro over Home? What about the Enterprise edition? I'm going to cover the differences between them, and I'm also going to mention a couple of extra versions that you might not have heard about.

Today we're talking about Windows 10, and the different editions that it comes in. Let's start by comparing Windows 10 Home against Windows 10 Pro, then we'll move on to the Enterprise edition, and then we'll talk about a couple of those extra versions.

Pro vs Home

For general home use, the difference between Home and Pro boils down to a list of features that most home users won't care about. For businesses on the other hand, it's a very different story. If you try to run Home edition in a business you're going to run straight into a management and security nightmare. The most fundamental difference between Home and Pro is Pro's ability to be joined to Active Directory, or at least to Azure AD.

Active Directory is the cornerstone of most business networks. It provides centralised authentication, security, management, and automation for every single device and user on the network. If you're ever tempted to try and build a business network using Home edition to save a few pennies... don't. Believe me, I've seen it and it will cost you.

So if you're a business and you can't count your employees on one hand, then the choice is clear; but what if you're a home user? Is there any reason to pay for Pro over Home? Well, yes. I'd say the case is limited to IT professionals and enthusiasts. The professional management tools that you get with Pro can give you more control over different components of your operating system. If you're an enthusiast, that might be helpful. If you're the type to build a homelab then you're basically running a business network anyway; so Windows 10 Pro will give you access to all that server-side goodness that you've deployed. If you want to run the management tools on your computer as well, then you're going to need Pro for that. That doesn't work with Home.

One of the Oro features I use all the time is Remote Desktop. Both Home and Pro do have the Remote Desktop Client, and can connect to remote computers; but only Pro can host the remote session. That means you can connect to your Pro computer using Home, but if you're running Home on a computer then you can't connect to that using anything.

If you're using Home and you want that sort of functionality, you can install third-party tools to do something similar. Something like TeamViewer for example. But there is something to be said about it being built-in and not having to go out to some third party on the internet.

Virtualisation is another benefit of upgrading to Pro. Using Windows 10 Pro you can create and run virtual machines using Hyper-V. That's really handy for testing things out, or for running a limited homelab. You also get Windows Sandbox, which is essentially a quick, lightweight, and disposable virtual machine that's isolated from the rest your operating system. That can be handy if you've had to download something from the internet, and you need to run it, but you're not 100% sure if you should trust it.

You can create virtual machines and run them using third-party software such as VirtualBox or VMware workstation on Home edition, but those are type 2 hypervisors which means they sit on top of the operating system. Hyper-V by comparison is a type 1 hypervisor, which means it has direct access to the hardware, and that makes it more efficient.

The final reason you might want to choose Pro over Home is support for encryption. Windows 10 Pro supports both the older Encrypting File System which works on a per-file basis, and the newer BitLocker which encrypts the entire drive. In most cases it's BitLocker you want. Officially, neither of these are supported on Windows 10 Home... but that's not completely true. Windows 10 Home does support device encryption... which is BitLocker. The differences are that with the Home edition you don't really get any control other than it being turned on or turned off; and it only supports a TPM unlock method, not a PIN. The other thing you get with "proper" BitLocker is support for BitLocker to go. You know those expensive encrypted UCB drives? Well, plug in a regular USB drive, right-click, "Turn BitLocker on", and I just saved you some money.

In terms of performance, Home and Pro are the same. You're not going to get better performance by spending extra money to get Pro. Take that money and put it into better hardware instead. There is a difference in the maximum supported hardware though. Home tops out at 1 CPU, 64 cores, and 128 GB of RAM; which is let's face it, more than enough for most people. Pro on the other hand will go up to 2 CPUs, 128 cores, and 2 TB of RAM. For most people that's not going to matter, but there are certain workloads that can benefit from it.

Enterprise vs Pro

The Enterprise edition is only available through business channels, so it's probably not an option for most home users. You can't really buy Windows 10 Enterprise outright - what you buy is an upgrade licence that assumes you already have a Pro licence to begin with. That makes this the most expensive option.

I have to mention this because I can see the comments already. If you type "Windows 10 Enterprise" into Google, you're going to see some results that seem to contradict that. You're going to see it on sale to anyone, and probably a ridiculously low price. That's perhaps a topic for another day, but what I will say is you're unlikely to be seeing those through legitimate channels. There are legitimate sellers of second-hand licenses, who have relationships with Microsoft, and the companies who originally owned the licences, and they have the legal paperwork to back up where each of those licenses came from. From what I've seen, they're not usually the ones that turn up in those search results with the prices attached, though. In those cases, it's probably part of a massive trade in grey market licences, which are dodgy at best, and depending on where you live and how you use them may or may not be illegal. There are also stolen licenses mixed up in there; and I'm not just saying that - I have personally seen it happen.  I can't see what's on your computer screen and there's more going on than i can cover here, so I'm not going to try and make any judgment on it. I'm just going to give you that information, and what you do with it is up to you.

What I will cover are some of the main differences between Pro and Enterprise, and why you might want to spend your hard-earned cash on the latter. First up is ReFS - the Resilient File System. Compared to the traditional NTFS file system, ReFS is more resistant to data degradation over time, also known as bit rot. This is an important issue in the datacentre where data storage volumes are growing larger and larger all the time. Windows 10 Home and Pro can use an ReFS volume, but they can't create one in the first place. Only Windows 10 Enterprise can do that.

One of the main reasons people used to flock to Windows 10 Enterprise was for DirectAccess. That creates an encrypted connection from your device back to your workplace as soon as the device is online, giving you access to your corporate network. It was like having a VPN connected all the time, and it made life a lot easier for remote workers and the admins who had to support them.

DirectAccess hasn't gone anywhere, but the case for paying the Enterprise upgrade for it these days is a little less convincing. That's because Microsoft have released Always On VPN, which does largely the same thing and is available in Windows 10 Pro. As you can imagine, a lot of people are migrating from DirectAccess to Always On VPN and ditching the Enterprise licence.

An Enterprise-only feature that doesn't get a lot of attention, but I think is quite a good one is Credential Guard. If you've not come across a pass-the-hash attack before, here's the quick version. If someone gains access to a computer they can steal the credentials of any account that's logged onto it. They can then use that to access other computers on the network, and that's how attackers spread out. It's called lateral movement. Once they get access to a computer that has an administrator logged on to it, then it's game over. They now own your network.

Credential Guard uses virtualisation technology to isolate the credentials of logged-on users away from the rest of the operating system. That can help stop this sort of attack. There is a pretty good case for upgrading administrative workstations to Enterprise edition just for this feature.

Enterprise edition gives you additional ways to lock things down compared to Pro edition. Like AppLocker for example, which allows you to restrict applications so they can only run if they've been specifically whitelisted. If something dodgy does get onto the computer... tough. They can't run it anyway. You also get the Unified Write Filter which essentially makes your computer read-only. Once it gets rebooted, any changes that were made are discarded. You can use that to create a kiosk machine without having to worry too much about what the user might do to it. Reboot, and it never happened.  Microsoft use AppLocker to protect their Office 365 infrastructure.

Another interesting addition you get with Enterprise is support for App-V. App-V allows you to stream virtualised applications to your users' desktops, whilst keeping them all in their own isolated bubble. That's useful to avoid software conflicts, like if you need to run two different versions of the same software on the same computer; which sometimes happens if you've got two different customers with competing software requirements.

Rounding up our Enterprise features we have BranchCache and Windows to Go. BranchCache keeps a local copy of recently accessed files from a file share, which can speed up access to frequently used data at remote locations. Windows to Go allows you to boot Windows from a USB drive. So, essentially, you can take your corporate desktop, put it in your pocket, and boot it up off some surrogate hardware wherever you happen to be working that day. That can potentially be a cheaper way of letting people work from home, whilst restricting access to only managed devices, without actually buying them a managed device. You give them Windows to Go, they plug it into their home computer, it boots onto their corporate desktop, which then connects back to the mothership using DirectAccess, and away they go.

That just about covers the feature differences between Pro and Enterprise. In terms of support, Enterprise gets an extra 12 months of support, but only on the September release. Remember, there are two releases Windows 10 every year, so this is the second one. That can be handy for large enterprises who sometimes struggle with the 18-month upgrade cycle. Just like going from Home to Pro got you a bump in hardware support; going from Pro to Enterprise gets you additional hardware support. Enterprise can cope with up to 4 CPUs, 256 cores, and a whopping 6TB of memory. And "yes". Fit it with the GPU... it'll run Crysis. But not any better than the Home edition will.

Enterprise E3 & E5

If you're wondering where E3 and E5 fit into things then, they're not the operating system. Windows 10 Enterprise E3 and E5 are subscriptions which happen to include the Windows 10 Enterprise operating system, plus additional services. Those additional services are Virtual Desktop Access rights, and in the case of E5 you get Advanced Threat Protection services as well.

Bonus Editions

I promised you a couple of extras as well, and I wasn't talking about E3 and E5. In addition to Windows 10 Pro and Windows 10 Enterprise, you also have Windows 10 Pro for Workstations, and Enterprise LTSC.

Pro for Workstations sits somewhere in-between Pro and Enterprise. Essentially it has the features of Pro, and the hardware support of Enterprise. Plus it has ReFS for some reason. If you have massive hardware requirements, and you don't want to pay the extra for Enterprise, then this is the niche you're looking for.

Enterprise LTSC stands for Long-Term Servicing Channel. You know in the days before Windows 10, the way you used to get a new version of Windows every few years, and it would be supported for a decade? Well, LTSC uses that same legacy servicing model, rather than the 6-monthly updates that the rest of Windows 10 gets. For a lot of admins who are suffering from update fatigue, this might sound very welcome; but there are some downsides. It's missing most of the newer apps like Edge, Cortana, and the Windows Store; and you're probably going to have software compatibility issues. If you think about it, during the 10 years that LTSC is supported, it's effectively frozen in time. It's getting security updates, but it's not getting new features. Meanwhile, regular Windows 10 is going to go through 20 different versions in the same period. That's a lot for vendors to support, and honestly most of them are probably going to focus on supporting the current mainstream versions of Windows 10.

LTSC isn't intended for normal use. It's more for specific devices that you know aren't going to change. If you're building an MRI machine and you wanted to put Windows 10 in it, then you don't want that expensive piece of equipment breaking in 6 months when the next feature pack comes out; so in that case you might want to use Enterprise LTSC.

Hopefully this helps you understand the different editions of Windows 10. 

Comments (0)

    No comments yet

You must be logged in to comment.

Sign In / Sign Up