I'm interested to know if anyone else is using KACE (K1000) to block the Windows 10 Anniversary update. After updating, it is causing some users BitLocker to go into recovery mode. We want to figure out what is happening here before allowing anymore machines to be updated. Thanks in advanced. 
Answer Summary:
Cancel
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Answer Chosen by the Author

0
After reviewing a couple things, it appears it doesn't push this update out (When we updated our systems, they were automatically on v1511 -- so I never had to do the "Upgrade", nor did I know that it's more of a manual upgrade to either 1511 or 1607.  

I am on the phone with support right now about this...

https://kace.uservoice.com/forums/82699-k1000/suggestions/15715755-patching-windows-10-anniversary-updates


Answered 08/29/2016 by: pschiele
White Belt

  • So, the question still remains, can KACE be used to block individuals from installing the Anniversary version from the Windows update or downloading the update directly from Microsoft?
    • 1st Question -- Is the update actually showing up, when you run a Windows Update on a Windows 10 Pro x64/x86 machine? I can't seem to get it to show up when we "Check for updates".
      • Microsoft is rolling it out and is not available to everyone at once. I downloaded the update directly from Microsoft's website. Others are already getting it from the Windows Update.
  • That's what I read too, but I find it odd that we haven't "Received" it yet. I was under the impression, if you use Pro\Enterprise, you have to use SCCM, or install it manually (if your lucky, you can silently script this). I mean we are almost at one month, and they haven't rolled it out to everyone? It's also not an "Update", but rather an "Upgrade", and KACE Support told me they are "Not" supporting this right now, because it's not packaged the same.

    So to help you with "Blocking it", you could make a GPO to not allow the ******.exe file to run. That will at least help if someone tries to install it from their main webpage download. If they rename it, it would run (and they are admin of their local PC). You might wanna add the (1) (2) (3) up to 10 just ot be safe if they download it multiple times. If I remember right, there is also a "Disable OS Upgrade" policy setting as well (not sure if it will work in this scenario).
Please log in to comment

Answers

0
Here is my issue...  Not that I want to push out this update, but I am unable to "Detect" it, when detecting patches on my machines. Maybe I am confused, but it appears the update is in the patch repository (Label and everything assigned to it), but it isn't being detected (shown as missing)....
Answered 08/29/2016 by: pschiele
White Belt

  • The version number is not as obvious especially if you are looking at the inventory list. Go off of the Operating System Version or Operating System Build Version which is 10.0.14393 or 14393 respectively.
Please log in to comment
Answer this question or Comment on this question for clarity