/build/static/layout/Breadcrumb_cap_w.png

Applying Windows 10 Feature Updates with KACE

THIS IS OUTDATED!!! PLEASE SEE COMMENTS BELOW FOR UPDATDED LINK TO A WAY EASIER SOLUTION.


Here is how I did it. I am sure there are 1000 ways to skin this cat. Hopefully this helps somebody.


Environment Details

WAN devices on approx 20 different remote sites with links from 1MB to 100mb connection speed.


Requirements for my project

  1. Update all windows 10 from x to Windows Version 1703 (OS Build 15063.729). We had multiple versions of Windows 10 ranging from 1511 to 1607.

  2. Upload the 4GB install files to WAN locations only once.


Important info/lingo/links for Windows 10 upgrading.

Windows 10 Version Info - https://goo.gl/6YczDW

Pay attention to difference in Version and Build.

Step 1 - Download ISO and copy to WAN Locations

  1. Download the ISO for 1703 (or version you are trying to update to). You can use the Windows Media Creation Tool or if you want to download directly you can do this trick. Extract the contents of ISO to a folder of your choice.

  2. Copy the entire contents of the folder above to each replication share. If you don't use replication shares this can be just a shared drive on a device in the same location as the device you want to upgrade. This is strickly for bandwidth reasons. If you are not concerned with bandwidth (and time to transfer 4gb) to each location then skip this step. Just make sure that whatever you setup your script in the “Windows Run As” has read Share and NTFS permissions.

Step 2 - Apply Labels to target Devices

Apply a Manual Label to each device you want to upgrade. I used Win10Upgrade-Nov1, Win10Upgrade-Nov7 etc so that you could easily go back and tell by the label when the upgrade was applied. Then after all was good and no issues removed all the manual labels.

.

Step 3 - Create the Script that does the work

Create Script that will do the actual upgrade. I will not give every script options here but here are the key ones.

  1. Under Deploy Section select Microsoft Windows and choose your labels or devices to target. Again I used manual Labels created in Step 2 above.

  2. Under Tasks Add a task and choose “Run a batch file…” with this as the bat file text. This is straight from this TechNet article. I used a bat file because I store the %kacelocalrepo% as a system variable that is set via GPO for other upgrades that are to large in size for Managed Installs.

    1. %kacelocalrepo%\Win10Build15063\setup.exe /auto upgrade /installfrom %kacelocalrepo%\Win10Build15063\sources\install.wim /dynamicupdate disable

Step 4 - Run the Script

Either use the “Run Now” feature or schedule the script to run once at a specific time. Just personal preference here. There is probably some way to silently do this but I choose to allow the users to cancel because I would rather them cancel the install (its graceful) rather than power off the machine and corrupt the upgrade.

Step 5 - Go fishing! Most Important Step!

Go fishing in your favorite watering hole and come back to upgraded Windows 10 devices. Use KACE GO app to make your boss think you're doing this from land.


Side Notes

I did not use the Windows 10 media creation tool. I used the trick to download the ISO manually. The disadvantages (I think) of this are it installed 1703.0 during this process. Then after that I had to install Cumulative Update for November which is another 932 MB install. Granted at this point “Patch Management” does all my Cumulative Updates and the files are already on the replications shares, but you could have done this all in one task via Using the “Add updates to customized Windows images”. Is installing the Version upgrade separately than the Cumulative upgrade easier to troubleshoot? Sure it is… just throwing that out there as this minimizes downtime for your end users by doing Upgrade instead of doing an Upgrade and then an Update.



Comments

  • Hello sir....
    Pardon my ignorance, I tried google.... but I'm still not seeing what is your goal here...

    So your not updating to 1703 because that's one of the pre-requisites

    So you're updating... Windows Features, like Telnet client and such?

    Or are you updating Windows apps? - Channeler 6 years ago
    • This is to update Windows 10 versions (not build numbers). The wording is a little misleading until everybody gets comfortable with how Microsoft is now releasing updates as either “feature” and “quality” updates. See servicing section below
      https://docs.microsoft.com/en-us/windows/deployment/update/waas-overview - cstewy 6 years ago
  • I'm trying to use this method to update our Windows 10 machines where I am running into problems is getting Kace to find the location I have the iso extracted into. We don't use replicators, but I am trying to have KACE pull it from a network share. could you tell me how you set up your
    %kacelocalrepo% variable thank you. - kallun 5 years ago
    • we use group policy to set this registry value. But you could also make a kace script and use powershell with this command "Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" -Name "kacelocalrepo" -Value "\\server\share"" - cstewy 5 years ago
      • I was able to get kacelocalrepo in the reg but I cant seem to get Kace to call to it. Everything runs like it's working, the script even reports that it ran successfully but nothing happens I copied and pasted your script changing the path to match where I actually have it. - kallun 5 years ago
  • @kallum Can you copy and paste your script here? Also make sure the bat file you are calling you can run by double clicking before you try it in kace. Take the /auto switch out and it will prompt you so you know it is running.
    Also I would make sure you can echo %kacerepo% from command line and get the value you are setting in the reg.
    Hope that helps.... - cstewy 5 years ago
    • Thank you I was finally able to get it to work. I uploaded the ISO files to Kace and ran it as a managed install. The only issue I am having now is getting rid of the bloatware. I can remove it for the current user but it doesn't remove for all users. - kallun 5 years ago
      • If you find a good way to do that please let me know :) - cstewy 5 years ago
  • @cstewy Yesterday I got a batch file to remove the bloatware from all users, "Most of it anyway" when run from an admin command prompt, but when I run it through Kace it says it's successful but it doesn't actually do anything Below is what I have in the bat file. Any thoughts?

    start /wait Powershell "Get-AppXPackage | Remove-AppxPackage"

    start /wait Powershell "Get-AppXPackage -allusers | Remove-AppxPackage"

    start /wait Powershell "Get-AppXProvisionedPackage -online | Remove-AppxProvisionedPackage -online"

    start /wait Powershell "Get-AppxPackage | % {if (!($_.IsFramework -or $_.PublisherId -eq "cw5n1h2txyewy")) {$_}} | Remove-AppxPackage" - kallun 5 years ago
  • @cstewy
    thank you for this document very helpful, but I have one question that I can't figure out. For the install.wim file your bat file references, I don't have this in my sources folder, so guessing you created that file, but how?? - pspaans 5 years ago
    • I am working on updating windows 10 1703 PCs to 1803 feature update - pspaans 5 years ago
    • This is where the 100 ways to skin a cat comes in. First question I would ask is....
      1.How many devices on one network/subnet/physical location do you have?

      Ideally if you have a large environment set the %kacelocalrepo% via group policy (or via k1000) to set a global variable and use ip targeting so that you know for sure the agent is pulling the .wim from local LAN. - cstewy 5 years ago
      • I have the kacelocalrepo set by GPO, and it works. I tested this by removing the /auto switch and it changed the path to the share when I run the bat file. But it looks like the bat file is calling out install.wim, I don't have this file.
        I have this (below) in my bat file currently and it doesn't do anything when I run it from a cmd prompt, not even an error.
        %kacelocalrepo%\windows101803\setup.exe /installfrom %kacelocalrepo%\windows101803\sources\install.wim /dynamicupdate disable - pspaans 5 years ago
      • I figured it out, the install.wim is not part of the iso you links in step 1, but it is in the ISO we download from the MS vol. license site. - pspaans 5 years ago
  • @pspaans
    When you extract the contents of the .iso (step 1) you should have a folder in that extraction named sources. inside there you will see the install.wim file. - cstewy 5 years ago
  • in my ISO in the sources folder I have install.esd I do not have install.wim Now what?? - jct134 5 years ago
    • this guide is out of date, follow this one instead:

      https://support.quest.com/kace-systems-management-appliance/kb/255380/windows-10-build-upgrade-deployment-walkthrough - Channeler 5 years ago
      • That is much cleaner. Thanks for update (I kno I'm 10 months late). Can you confirm that the managed installs respects replication shares and that each time this is ran the main files are not being copied from the k1000/clientdrop to the client? - cstewy 4 years ago
    • Replication shares have a Failover option, if that option is enabled, and if the Share is NOT available, it will tell the Agents to look for the ISO on the main K1000 Client drop.

      So

      1- make sure those replication shares and synced\updated with the ISO

      2- disable the failover to the main appliance option. - Channeler 4 years ago
This post is locked
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ