Deploying Windows 10 feature updates


Hello all,

We have a cloud hosted Automate server and we've found it really isn't straightforward to deploy the latest 1903 feature update to client PCs.
I'd really like to hear from those of you that also use a cloud hosted Automate server - how do you all deal with these feature updates .. build 1903 for example.

Incidentally I also read yesterday that Microsoft are soon releasing the 1909 update which will actually be a Cumulative Update instead of a Feature Update.  I'm thinking (hoping) this may resolve the problem? 

I am also aware there is a solution centre update available to help with these feature updates, but it appears it's only aimed at on-prem solutions. 
I have had a bash at modifying (read:bodging) it to work with our cloud hosted setup, but alas with little success.

Any input would be greatly appreciated, thanks!


Your mileage may almost certainly vary but for the sake of hopefully pointing you in a useful direction, I'll describe our current system.

We imported and updated our old kludgey way of doing it from Kaseya (we migrated after the end of last calendar year). The script goes a bit like this:

  1. Check for and deploy 7-Zip if needed. (The standalone executable can't do ISOs.)
  2. Download the ISO. (We're storing it at... ugh... SharePoint at the moment. Hey, it works.)
  3. Create working folder and extract ISO into folder.
  4. Make sure the setup.exe is actually present and bail with a detailed email to the tech if it isn't, since clearly something went horribly awry with the preceding steps.
  5. Pop up a "please don't turn off your system, you asked for this" message.
  6. Run 'path\to\setup.exe /auto upgrade /ShowOOBE none /quiet'

And yes, there's a cleanup script to be run afterward. If the tech has a ticket to be doing this at all, they should be tidying up as part of that ticket.

As to how we deal with feature updates to Win10 logistically, it's a matter of looking through the search we built looking for likely candidates, then coordinating time with the clients for access to the relevant machines. (The search is centered on an EDF which we populate with the build number.) It may not be fully automated but so far it's been working moderately well.


KKerezman, thank you for your input.  We migrated from Kaseya too, a couple of years back.  Been using Automate since it was LabTech 9.x I think..

I had considered a similar deployment scenario too.

We currently upgrade machines in our workshop via a NAS share with the following, which does a good job;

Setup.exe /auto upgrade /quiet /migratedrivers all /dynamicupdate disable /showoobe none /Compat IgnoreWarning

 I like the idea of a custom EDF to track and target by.  I will look at that, thanks.

Anyone know if the move to a cumulative update for 1909 changes anything with regards to Automate Patch Manager?


You're welcome!

Our EDF is populated by a script which runs this PowerShell command:

(Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').CurrentBuild

Then passes the results through a series of IF checks along the lines of "If @powershellresult@ NOT = 10240 THEN Jump To :Not1507, otherwise set EDF to 1507 and exit" and so forth. We just tack a new IF check on twice per year. The script gets run weekly against online Win10 endpoints to keep the EDF updated. This lets us do groupings and reports and so on.

  • 1 month later...

Hey all,

Just curious if anyone here has used the built-in scripts for doing this under Maintenance --> Patching?

  • Windows 10 - Install Feature Update
  • Windows 10 - Feature Update ISO Cleanup

Is everyone rolling their own because this one doesn't work? It looks like you can pull the version number directly from the database without having to run an extra script to get it as well.


Windows 10 build number is available in searches as "OS Version" e.g. in the "Operating Systems and Service Pack Level\OS & SP - Windows 10 Workstations" search.

Since the PC is on Win10 already, by definition, it doesn't need to extract the ISO.  We run

Mount-DiskImage -ImagePath "@ISO@"

(Get-DiskImage "@ISO@" | Get-Volume).DriveLetter

The latter's %powershellresult% should hold the mounted drive letter.  Then run  "%powershellresult%:\setup.exe /auto upgrade /quiet".  No need to dismount as it goes away upon restart.

Plus warnings about the upcoming restart, and a check at the beginning to see that the PC is logged out (which we do by default each night).

For the download problem set up caching in Automate at each site, even if it's a workgroup (create a user on the "server" and connect using those credentials).


Jay, I can totally do that. You just need to prep a data field under Computers called something like "Windows 10 Version" (put it into whatever folder you like) and then schedule a periodic run of a data collection script. Our script is a bit brute force, really: PowerShell command '(Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').CurrentBuild' and a series of IF checks (if powershellresult not = 10240 THEN jump to Not1507, set Windows 10 Version EDF to 1507) and so forth. Twice a year we have to expand the script to accommodate the new release ID number. You'll need the list of what "currentbuild" strings correspond to which release ID, that's available on Wikipedia and such.

Steve, that's pretty slick. I'd forgotten about Win10's ability to mount ISOs without 3rd party utils. I'll have to look into bringing some of that into our updater system.

  • 2 weeks later...

Thanks @KKerezman for the extra info on EDFs.

I've implemented my own take on this and it appears to be pulling the info into the new EDF fine.  Now I just need to sort the ISO mount and install .. liking your idea to use SharePoint too (hey, if it works don't fix it!)

@JayHainesNZ I will attach some info on the EDF and script, it may help you..

[image]

Query Win 10 version to populate EDF.xml

This ends up showing me the windows build version under EDF->Patching, like so;

[image]

Disclaimer: I am not a LabTech/Automate guru ... so don't complain that my scripts or methods are messy ;)


Chiming in real quick to say: We ended up abandoning the SharePoint ISO hosting after one too many "file, what file?" situations. Since we're paying for a Wasabi storage account, we made a bucket with a public read-only ISO in it instead, that seems to be working much, much better. Also the Win10 mount trick @SteveYates described is working a treat. Nice one!


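The download, mount and run steps discussed above hand a file fetched from shared storage to setup.exe under the agent's account, so the file is worth checking first. The following is an added example, not code from any poster in this thread: it verifies the ISO against a SHA-256 recorded when the ISO was uploaded, mounts it with the built-in cmdlets, and checks the signature on setup.exe before running it. The function name, parameter names and the signer-subject match are assumptions.

```powershell
# Added example; function and parameter names are hypothetical.
function Invoke-VerifiedFeatureUpdate {
    param(
        [Parameter(Mandatory)][string]$IsoPath,        # local path the ISO was downloaded to
        [Parameter(Mandatory)][string]$ExpectedSha256  # hash recorded when the ISO was uploaded
    )
    $ErrorActionPreference = 'Stop'

    # 1. Stop if the file is not byte-for-byte the ISO that was published.
    $actual = (Get-FileHash -Path $IsoPath -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {   # -ne compares strings case-insensitively
        throw "ISO hash mismatch: expected $ExpectedSha256, got $actual"
    }

    # 2. Mount with the built-in cmdlets and find the drive letter.
    $image  = Mount-DiskImage -ImagePath $IsoPath -PassThru
    $letter = ($image | Get-Volume).DriveLetter
    $setup  = "${letter}:\setup.exe"

    try {
        if (-not (Test-Path -LiteralPath $setup)) {
            throw "setup.exe not found on mounted image ($setup)"
        }
        # 3. Check the Authenticode signature on setup.exe.
        #    Assumption: genuine media carries a signer subject naming
        #    Microsoft Corporation; adjust the match if your media differs.
        $sig = Get-AuthenticodeSignature -FilePath $setup
        if ($sig.Status -ne 'Valid' -or
            $sig.SignerCertificate.Subject -notlike '*O=Microsoft Corporation*') {
            throw "setup.exe signature check failed: $($sig.Status)"
        }
    }
    catch {
        # Leave nothing mounted when a check fails, then re-raise for the caller.
        Dismount-DiskImage -ImagePath $IsoPath | Out-Null
        throw
    }

    # 4. Same switches as used earlier in the thread.
    $p = Start-Process -FilePath $setup -ArgumentList '/auto upgrade /quiet /showoobe none' -Wait -PassThru
    return $p.ExitCode
}
```

Keep the expected hash in the script or an EDF rather than in the same bucket as the ISO, so that replacing the file alone cannot also replace the value it is checked against.
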
So below is what I have built in LT to handle patching after trying to use Patch Remedy and not being able to define specific schedules and settings for each of our customers ... or subset of devices for customers etc:

 

Computer EDF for tracking last attempt + last step + last error if there is one. (use this for reporting as I have a Dataview to pull these results)

[image]

 

Group EDFs allow me to define different settings for different sets of machines, so might have a pilot group that only installs if users are logged out ... or certain machines will use a UNC path instead of the LT Cache drive location or I will allow a certain group to download the ISO directly from our LabTech server if it is unable to find it in the LT Cache drive or UNC path etc:

[image]

 

The Group also runs the main Script + potentially runs another script earlier in the day to prompt and remind the users this will be occurring tonight and to save and log-off when they are done (also run a script to wake-lock the machine so it doesn't sleep) and you can always use Advanced Searches to join devices to the group depending on the detected Computer Build.

The script itself checks version using registry and compares it to Target version on group and runs clean-up of ISO again + updates computer EDF and exits if it meets the requirement already... if not it proceeds and updates EDF on each stage etc ... I check free disk space and exit early and update EDF if doesn't meet threshold... a lot of error handling and updating computers EDF with error results .... depending on the groups options I either prompt the user and depending on their response run the setup or not etc ... 

 

Dataview pointed at a Group (could run data at client / location / overall level or use something like BrightGauge to pull the data) showing results of the process based on the Computer EDF fields:

[image]


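The pre-flight stage described in the post above (compare the registry build with the group's target, check free disk space, optionally require that nobody is logged on, and record the last step and last error) could look like the sketch below. This is an added example, not the poster's script: the function name, the 20 GB default threshold and the result field names are assumptions.

```powershell
# Added example; names, the 20 GB default and the result fields are assumptions.
function Test-FeatureUpdateReadiness {
    param(
        [Parameter(Mandatory)][int]$TargetBuild,  # target CurrentBuild value for the group
        [int]$MinFreeGB = 20,                     # assumed free-space threshold
        [switch]$RequireLoggedOut
    )
    # Mirrors the "last attempt / last step / last error" tracking fields.
    $result = [ordered]@{
        LastAttempt = (Get-Date).ToString('s')
        LastStep    = 'Start'
        LastError   = ''
        Proceed     = $false
    }
    try {
        $result.LastStep = 'CheckBuild'
        $key   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
        $build = [int](Get-ItemProperty -Path $key).CurrentBuild
        if ($build -ge $TargetBuild) {
            $result.LastStep = 'AlreadyAtTarget'
            return [pscustomobject]$result
        }

        $result.LastStep = 'CheckDiskSpace'
        $drive  = $env:SystemDrive.TrimEnd(':')
        $freeGB = [math]::Round((Get-PSDrive -Name $drive).Free / 1GB, 1)
        if ($freeGB -lt $MinFreeGB) {
            throw "Only $freeGB GB free on ${drive}:, need $MinFreeGB GB"
        }

        if ($RequireLoggedOut) {
            $result.LastStep = 'CheckLoggedOut'
            # Win32_ComputerSystem.UserName reports the console user only,
            # so remote desktop sessions are not detected by this check.
            $user = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName
            if ($user) { throw "User $user is logged on at the console" }
        }

        $result.LastStep = 'Ready'
        $result.Proceed  = $true
    }
    catch {
        $result.LastError = $_.Exception.Message
    }
    [pscustomobject]$result
}
```

The returned object's fields can be written back to the computer EDFs, and the upgrade only started when Proceed is true.
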
I did a quick test yesterday...took a PC with 1903, lowered the FU deferral days so it would see the 1909 FU, and right clicked to install it through CWA.  I "walked away" at that point but it did have a pending restart after a couple of hours and after restarting overnight has 1909 now.

So it seems the mini, "flip the switch" 1903 to 1909 update might work through CWA?

  • 1 month later...

The main issue we are experiencing with the above script / configuration above is people's power profiles and machines going to sleep at the time scheduled for the build upgrade.

 

Playing with the idea of creating / deploying a Windows Scheduled task to wake / power-on machines for an agreed "Maintenance Period" per week where we can do work like this but in the mean time thinking of having a separate scheduled script that will basically wake lock the machine earlier in the day on the day of the build upgrade.

I was thinking in the earlier wake lock script we could use EDF's to signal if we want to prompt that user earlier in the day that "There is scheduled maintenance configured for this machine tonight so please save what you are doing and logout when you finish or you may / will lose your work" + we could potentially signal to pre-download the upgrade ISO earlier in the day if we wanted to etc.

  • 4 weeks later...
On 11/14/2019 at 4:16 PM, SteveYates said:

Windows 10 build number is available in searches as "OS Version" e.g. in the "Operating Systems and Service Pack Level\OS & SP - Windows 10 Workstations" search.

Got asked about this, this is a default search (from CW, as far as I know).  It is just:

OS  LIKE  %Windows 10 %
OS Version > 0

  • 8 months later...
On 1/22/2020 at 6:15 PM, Shannen R said:

The main issue we are experiencing with the above script / configuration above is people's power profiles and machines going to sleep at the time scheduled for the build upgrade.

 

Playing with the idea of creating / deploying a Windows Scheduled task to wake / power-on machines for an agreed "Maintenance Period" per week where we can do work like this but in the mean time thinking of having a separate scheduled script that will basically wake lock the machine earlier in the day on the day of the build upgrade.

I was thinking in the earlier wake lock script we could use EDF's to signal if we want to prompt that user earlier in the day that "There is scheduled maintenance configured for this machine tonight so please save what you are doing and logout when you finish or you may / will lose your work" + we could potentially signal to pre-download the upgrade ISO earlier in the day if we wanted to etc.

Everything appears fine in the imported XML, however, I cannot for the life of me find where to add the fallback iso line in the script... can you tell me where to find that?

