/build/static/layout/Breadcrumb_cap_w.png

Windows 10 Feature Update

I am using the following walk though on installing the 1909 feature update. I followed all steps but when my computer reboots and I log back in ( the PC is encrypted with McAfee) it comes to a screen where it wants me to choose a language and then an option to continue to Windows 10 (the screen where it has the troubleshoot option). It will deploy successfully on a non encrypted computer. 



  • Description


    Windows 10 build upgrades, such as the 'Fall Creators Update' or 'April 2018 Update', are not currently available in the KACE patch feed. Alternatively, these build upgrades can still be deployed from the KACE Systems Management Appliance by utilizing the Managed Installation feature. This guide details this approach.

    Last updated: Jan 11, 2019 on SMA version 9.0.270.

  • Cause

    Background

    Windows 10 build upgrades are not traditional patches, rollups, or even service packs. From a deployment standpoint, they are designed and behave like an in place operating system upgrade. As such, they require more planning and testing than traditional patches, and they require more resources (disk capacity for server and client, bandwidth, installation time, etc).

  • Resolution

    NOTE: This guide uses the 1803 'April 2018 Update' as the build example throughout the steps below.

    Step 1 - Create the Package

    The build upgrades must be obtained from Microsoft. They are distributed in ISO format and must be extracted and repackaged for deployment with a third-party product, such as the KACE Systems Management Appliance.

    1. Download the ISO for the appropriate build. This can be done commonly using two methods (third alternative also listed):
      1. Download the ISO from the MSDN Library, if applicable (requires an MSDN license). The ISO will be named similarly to 'en_windows_10_business_editions_version_1803_updated_march_2018_x64_dvd_12063333.iso'. Ensure the proper edition is downloaded.
      2. Download the Media Creation Tool from https://www.microsoft.com/en-us/software-download/windows10.
        1. Launch the tool.
        2. When it asks "What do you want to do?", choose "Create installation media (USB flash drive, DVD, or ISO file) for another PC". Click Next.
        3. If recommended options for language, architecture, and edition are desirable, click Next. Otherwise, adjust as needed before proceeding.
        4. For "Choose which media to use", select "ISO file" and click Next.
        5. Choose a name (example: Win10_1803_English_x64.iso) and location to save the ISO file. The utility will now build the ISO file.
        6. Click Finish when the wizard completes.
      3. Alternative Method: Download the ISO directly from https://www.microsoft.com/en-us/software-download/windows10ISO by visiting the URL on a non-Windows (OSX or Linux) operating system. The site will only allow download of the ISO directly if visiting from a non-Windows platform.
    2. Mount the ISO and compress its contents into a .zip file.
      1. In Windows 10, the ISO can be mounted by right-clicking on the file and choosing "Mount" or simply double-clicking on the ISO file.
      2. Make sure that you have 7-Zip installed from here.
      3. Once mounted, select all of the files within the ISO (not the directory/drive, but the files within it), then right click and choose "7-Zip > Add to Archive... ".

        KB_1-547AMZ0_AddToArchive.png

        Click To See Full Image.


      4. Since the ISO is read-only, select another location to place the zip file (such as C:\Desktop, etc). Choose "OK".

        KB_1-547AMZ0_ArchiveLocation.png

        Click To See Full Image.


      5. After compression completes, the zip file will be created on the selected location with an automatically generated name (example: setup.zip). Rename appropriately (example: Win10_1803_English_x64.zip). This zip file will be used in the following steps.
      6. Unmount the ISO (right-click the drive and Eject), then store/discard the ISO, as desired.

    Step 2 - Upload the Package to the SMA

    Due to file size limitations, the build upgrade zip (depending on size) must be uploaded to the SMA via the 'clientdrop' samba share. The maximum file size for upload via the web UI of the SMA is 2GB (version 8.0 and earlier) or 4GB (version 8.1 and later), and build upgrades tend to be slightly too large for PHP upload. The Samba method avoids the upload limit entirely.

    1. If Samba is not enabled, enable it (Samba can be disabled after the package is uploaded and imported in step 3). Samba enable/disable settings are found on the Security Settings page (Settings > Security Settings) in the Admin UI (single-org) or System UI (multi-org). To enable Samba, the "Enable organization file shares" checkbox must be checked.

      KB_1-547AMZ0_w10bu_samba.png

      Click To See Full Image.


    2. Ensure the share is also enabled at the Organization level and that credentials for the clientdrop (admin) Samba share are known. If not, the password can be reset on the Settings > General Settings page in the Admin UI (org-specific for multi-org systems).

      KB_1-547AMZ0_w10bu_samba_share.png

      Click To See Full Image.


    3. Connect to the clientdrop share. This can be done in Windows by opening a Windows Explorer window and typing in the share address for the SMA (example: \\k1000\clientdrop, replacing k1000 with the SMA hostname).

      KB_1-547AMZ0_w10bu_clientdrop.png

      Click To See Full Image.


    4. Drag and drop the .zip file created in step 1 into the clientdrop share.

      KB_1-547AMZ0_w10bu_clientdrop_copy.png

      Click To See Full Image.


    5. Once the file is listed in the clientdrop share, move on to Step 3.

      KB_1-547AMZ0_w10bu_clientdrop_done.png

      Click To See Full Image.


    Step 3 - Map the Package to a Software Title

    Create a software title using one of the two methods listed, and then map the .zip file to it.

    Method 1: Build a Custom Software Title

    This method allows for a custom title and custom inventory rule to grant greater control of reporting and more obvious naming of each build upgrade. If the custom inventory rule is designed in a way that can detect across multiple editions and upgrade branches, then this method is also edition/branch agnostic. Method 1 is the recommended approach.

    1. In the Admin UI, go to Inventory Software.
    2. Select Choose Action > New.
    3. Fill in the NameVersionPublisher, and Notes fields as desired. This is the 'custom' part of this approach. An example is provided:

      KB_1-547AMZ0_w10bu_cust_soft_fields.png

      Click To See Full Image.


    4. In the Custom Inventory Rule field, there are many possibilities to detect the build number. For the sake of simplicity, this guide uses the ReleaseId registry value in HKLM\Software\Microsoft\Windows NT\CurrentVersion to detect the build number. This may not work in all editions/branches of Windows 10 (e.g. LTSB).
      1. RegistryValueEquals(HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion,ReleaseId,1803)

        KB_1-547AMZ0_w10bu_cir.png

        Click To See Full Image.


    5. The Magic Step: This is where we associate the zip file from the clientdrop share to the Software title. Simply choose the file in the drop down. This will pull the file into the proper location on the filesystem and remove it from the Samba share.

      KB_1-547AMZ0_w10bu_upload_assoc.png

      Click To See Full Image.


    6. Click SaveNote: After the page is saved and the file is reassigned, Samba can be safely disabled.

    Method 2: Use the Automatically Detected Software Title

    This method requires the new build to have been installed on at least one system with an SMA agent that has reported inventory at least once since applying the upgrade. This method is simpler than method 1, because it does not require creation of a new software title or creation of the custom inventory rule to go along with it.

    1. After at least one system has been upgraded using an alternative method (i.e. not the SMA) in the environment and has successfully uploaded inventory to the SMA, find the new build title with the appropriate version in the Software list. Example: For the Spring 2018 Update (Build 1803) on Windows 10 Pro (the edition matters when using this method), the title is 'Microsoft Windows 10 Pro x64' with a version of '10.0.17134'. This title can also be found by viewing the device's inventory record and clicking on the newly detected version of Windows 10 under 'Installed Programs'.
    2. Once the correct title has been identified, click on it to go to its software detail page.
    3. Perform Steps 5 and 6 only from Method 1 above. Since this title is auto-detected, the fields will be pre-populated and the custom inventory rule is not required.

    Step 4 - Create the Managed Installation

    At this stage, the Managed Installation is created exactly as any other Managed Installation would be created. The steps are detailed here, but anyone familiar with creating/deploying Managed Installations can likely complete the process from this point on from experience. However, even those experienced may want to take note of the Full Command Line example below.

    1. In the Admin UI, go to Distribution Managed Installations.
    2. Select Choose Action > New.
    3. Input a Name. For this example, the name is 'Windows 10 x64 Build 1803".
    4. Set the desired Execution option based on the environmental requirements/preferences. Something must be chosen other than Disabled or the MI will not deploy.
    5. For the Inventory field, Software must be selected.
    6. In the Software drop-down, choose the title from Step 3 that has the zip associated to it.
    7. For Associated File, choose "Use associated file" to use the file that is already associated to the software item.
    8. If desired, "Delete downloaded files" can be enabled to purge the installer from cache after installation on the client.
    9. For Installation Options, choose "Override default installation" and ensure "Don't prepend msiexec.exe" is checked.
      1. For Full Command Line, this example shows an auto upgrade with no UI output on the endpoint and no OOBE upon reboot. All command line options can be found at https://blogs.technet.microsoft.com/home_is_where_i_lay_my_head/2015/09/14/windows-10-setup-command-line-switches/.
      2. Full Command Line: setup.exe /auto upgrade /quiet /showoobe none

        KB_1-547AMZ0_w10bu_mi.png

        Click To See Full Image.


    10. In the Deploy section, assign the MI to specific label(s) and/or device(s) (this is where we strongly recommend testing with a small set of machines in a test label before rolling out to larger, network-wide labels), as needed/desired.
    11. Configure the Notify section according to environmental requirements/preferences.
    12. Configure the Schedule section according to environmental requirements/preferences. Note: Adjusting the deployment window is not advised, as MIs are only run during inventory interval. If the window is configured such that it is not open long enough for all systems to run an inventory interval, then affected systems will never attempt to deploy the build upgrade. Order defines the order the MI is run in versus other MIs and their order values. If the value in Maximum Attempts is exceeded due to installation failure, the MI will cease deployment attempts for those devices.
    13. Click Save. If an immediate test is desired and a test label or test device(s) have been assigned, Run Now can be chosen to push out the deployment to all assigned devices immediately. Otherwise, the MI will deploy based on the Execution option.

Comments

  • I believe I have solved this. You need to add a /ReflectDrivers switch and point it to your EEE OSUpgrade location for McAfee it is "C:\Program Files\McAfee\Endpoint Encryption\OSUpgrade". I do still have a slight problem, for some reason the completion message under the notify section is not showing when it logs back into the OS. - jrunkles1221 4 years ago
  • I heard that if you update the McAfee encryption software the issue should go away

    besides that... review this KB https://kc.mcafee.com/corporate/index?page=content&id=KB89000 - RandomITdude24 4 years ago
  • hi
    does this work with build 2004?
    My sma doesnt seem to deploy the windows feature for some reason - psaussey 3 years ago
    • Hi, are you trying to deploy win 10 2004 using Windows Feature Update functionality built-in SMA (under security) or the way it’s described in this article? - mehulpatel2012 3 years ago
    • If you are following this procedure instead of the one under security it should work as you are basically just unzipping the ISO and calling the installer - RandomITdude24 3 years ago
This post is locked

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ