Blog Post

SCCM: Windows 10 Feature Update Rollouts via Application Package

D Walsham • Nov 28, 2019

Update your Windows 10 estate with an Application method!

For those who are performing the Windows 10 feature update rollouts using SCCM software updates you may experience a multitude of issues such as;

  • Feature Update showing as compliant - Normally resolved from having the latest version of the SCCM client installed on a client machine, though there have been reports where this issue still persists after the latest version has been installed
  • Timeout issues after 60 minutes - Normally resolved from increasing the timeout value from the default 60 minutes to 180 minutes for example., but sometimes the timeout can still happen even after setting this when analysing the SetupAct.log and SetupError.logs in the C:\$Windows~BT\Sources\Panther location
  • GPOs for Windows Update SfB Grace Period ends - After approximately a year the latest feature update is then installed on machines which can be resolved from removing the dual scan which scans for Windows Updates from the internet as well as your WSUS/SUP.
There may be an inconsistency when it comes to deploying the feature update in this method and you may want not only a more controlled method where you can deploy to a certain amounts of devices but you also want to build the consistency in successful deployments.

Benefits of Deploying a Feature Update via Application

The benefits of doing it this way are the following;

  • No issues of having the update show as compliant and not deploying
  • No timeout restriction during the actual installation
  • Better control of the deployment without need of using the Windows Sfb GPOs
  • Control on whether devices will have a forced restart or a user controlled restart


Building the Feature Update Application

Where to get the files

You can get them from two ways;

  • Download the Software update from the SCCM console and select a location to download it to
  • Download from Windows update which will end up in the C:\Windows\SoftwareDistribution\Download\
You should see two files after that;
  • *.ESD File
  • WindowsUpdateBox.exe
These two files are used to apply the Windows feature update. The *.ESD file is essentially a WIM file which is applied from using the WindowsUpdateBox.exe which we will look more into creating the install commands for this within the next section.

Once we have the files downloaded they will be needed to be placed into a folder within your content share which you would normally keep all of your applications when distributing them to your DPs.

Installation Command for the Feature Update

Install commands will follow as below along with an explanation to the commands and what more can be done with them.

Create file called "Install.cmd" and then enter the the following commands below

start /w WindowsUpdateBox /Update /PreDownload /quiet
start /w WindowsUpdateBox /Update /Install /quiet
start /w WindowsUpdateBox /Update /Finalize /quiet
The commands above take care of the intial preparation for the Windows 10 Feature update, as well as the install and the finalize step is where the machine would reboot.

If you require the update to not perform a reboot then you can add a /noreboot switch to each line.
( Note: Read the section of the deployment of the application to know how to handle the process once this switch has been added)

Steps on how to create the application

  1. Open the Configuration Manager Console
  2. Go to the Software Library
  3. Right click Applications and choose Create Application
  4. General: Specify settings for this application - Click to "Manually specify the application information" then click next.
  5. General Information: Specify information about this application - Enter a name such as "Windows 10 Feature Update" and along with the feature update number you are looking to rollout then click next.
  6. Software Center: Specify the Software Center entry - Click next
  7. Deployment Types: Configure deployment types and the priority in which they will be applied for this application - Click Add.
  8. Create Deployment Type Wizard: General: Specify Settings for this deployment type - Click to "Manually specify the deployment type information" then click next.
  9. General Information: Specify general information for this deployment type - Provide a name for the deployment type then click next.
  10. Content: Specify information about the content to be delivered to target devices - Browsee to the location where you have downloaded the software update and type in Install.cmd for the installation program. Then click next.
  11. Detection Method: Specify how this deployment type is detected - Click Add Clause
  12. Detection Rule - Configure the registry settings as below. This would be the location to get the build number ( Note: this is for 1809)

13. User Experience: Specify user experience settings for the application -
Installation Behavior: Install for System
Logon Requirement: Whether a user is logged on or not
Installation Program Visibility: Normal
Click next
14. Requirements: Specify installation requirments for this deployment type - Click next
15. Dependencies: Specify software dependencies for this deployment type - Click next.
16. Summary: Confirm the settings for this deployment type - Click next.
17. Summary: Confirm the settings for this Application - Click next.

Deploy the Windows 10 Feature Update

Now you should be ready to deploy the application to machines within a collection to perform the Windows 10 feature update.

You can also create a Task Sequence with the application so that you can initiate a restart notification, as the default of this deployment method would restart as soon as the finalize command line takes place.

Microsoft Endpoint Manager: In-Place Upgrade or Side by Side Part 4 - SQL Server Requirement Analysis

by D Walsham 13 Dec, 2021
Looking through the current SQL Server topology and how it affects our decision

Microsoft Endpoint Manager: In-Place Upgrade or Side by Side Part 3 - Current Branch Upgrade Approaches

by D Walsham 19 Nov, 2021
Impact of Current Branch Upgrades

Microsoft Endpoint Manager: In-Place Upgrade or Side by Side - Part 2 - Operating System Considerations

by D Walsham 29 Oct, 2021
Introduction

Microsoft Endpoint Manager: In-Place Upgrade or Side by Side

by D Walsham 07 Oct, 2021
Introduction

Endpoint Manager: Device Estate Cleanup

by D Walsham 06 Oct, 2021
Introduction

Modern Workplace Management: Creating Applications Common Practices - LOB vs Win32 Package

by D Walsham 03 Sept, 2021
Introduction

Modern Workplace Management: Build Endpoints Without SCCM Part 6

by D Walsham 12 Aug, 2021
All the parts of the series we went into great detail about how we analyse an end to end solution and how we would design a solution in which would allow us to build endpoints without SCCM being a dependency. Whilst we did this, there is another scenario which we have not touched on yet, which is the hybrid scenarios. In a perfect world ideally you would have your Azure Active Directory within the cloud, every machine meets the recommended requirements for Windows 10, everything is imported into Intune/Autopilot and everyone is happy. But we know this isn't realistic in all cases. Many organisations cannot just simply up and go from on-premise into the cloud therefore the checkpoint here is of course getting into hybrid solutions such as; Co-Management Between Intune and SCCM Hybrid AD with Azure AD and On-Premise AD syncing together These things can play a very interesting part in how you would tackle this if you envisage the next step in the blueprint is to be in a position in which you can build and manage endpoints soley within Intune. With this final part of the series we will go in-depth in how the common hybrid setups look like and how we go about moving into the next step of being able to manage and build devices without SCCM.

Modern Workplace Management: Build Endpoints without SCCM Part 5

by D Walsham 29 Jul, 2021
In continuation from the previous part where we had discussed how we create the "on site" piece of the solution, this was the part which would allow us to get our endpoints into a state in which they would essentially be ready to go through the Autopilot process. Which leaves our next piece of the puzzle, to begin the configuration of the actual backend side that resides within our Endpoint Management console. And you will see how everything ties up together to satisfy the full end to end process of getting an unknown (or known) device to proceed thorough the whole workflow to be finally managed by Intune without the aid of SCCM taking part in any of the prerequisites or preparation at hand.

Modern Workplace Management: Build Endpoints without SCCM Part 4

by D Walsham 15 Jul, 2021
In this part we are now going to look into the technical step by step points on how we put everything together. In the previous part we spoke about the structure of how we would asses whether a machine was actually ready to be built with Autopilot or not with a build checklist process which would step through all areas which would cover an endpoints eligibility. Now with everything planned out we finally want to step into making things reality by putting everything together.

Endpoint Manager: Find machines not in Autopilot

by D Walsham 02 Jul, 2021
When it comes to managing your endpoints in endpoint manager, one of the things you may be looking to do is to get all of your Intune registered machines to also be enrolled as Autopilot devices. Now we can of course just have the deployment profile deployed to all machines and then hit the "Convert targeted machines to autopilot" but this might not necessarily be feasible for every client. We may want to perform some due diligence first so we can at least understand what devices in Intune are not in Autopilot.
Show More
Share by: