Forum Discussion
Windows 10 Feature Updates Remotely
We are currently using SCCM using Windows 10 upgrade task sequences to mange our Microsoft Windows 10 feature updates. With 300 of staff going remote and SCCM upgrade task sequences not being an option. What free ways does Microsoft recommend for managing these updates?
-Zachary
11 Replies
zaclaramay We have been upgrading these users with the CMG. We set the content location to download all content prior to start.
We also mark the task sequence allow to run on Internet. The only issue we see is the status messages for the deployment status are not returned after the new OS is deployed.
here is a snip-it from the documentation:
Allow task sequence to run for client on the Internet: Specify whether the task sequence is allowed to run on an internet-based client. Operations that require a boot media, such as the installation of an OS, aren't supported with this setting. Use this option only for generic software installations or script-based task sequences that perform operations in the standard OS.
- This setting is supported for deployments of a Windows 10 in-place upgrade task sequence to internet-based clients through the cloud management gateway. For more information, see Deploy Windows 10 in-place upgrade via CMG.
https://docs.microsoft.com/en-us/mem/configmgr/osd/deploy-use/deploy-a-task-sequence
- @gwblok Lack of VPN is likely the case.
Yeah, if you don't have VPN back to connect to your internal CM infrastructure, TS's become very difficult.
If you do have VPN, then it's completely possible, even with slow links thanks to LEDBAT++ and BranchCache Technology.
gwblok @Harjit Dhaliwal we have a VPN but unfortunately its not set as always on and users tend to only be connected for a short window at a time. That is why we are looking for other options to manage windows 10 feature updates.
zaclaramay We use the upgrade task sequence remotely on computers connected to the VPN and to the CMG. it is only OS deployments that cannot go over the CMG. For Upgrades, you use to have to select to pre-download all the content first, but i think in 1806, that requirement was removed.
- AriaUpdated
Microsoft
zaclaramay there are a few different ways that you can manage updates for your remote workers.
1. You can deploy feature updates as a software update from Configuration Manager and allow clients to acquire the content for those directly from Windows Updates rather than from on premise DPs while still maintaining management of the updates from Configuration Manager so long as you configure correctly (see these blogs 1, 2).
2. To further reduce VPN traffic, you can utilize Windows Update for Business which is free whether through Group Policy or through moving your Windows update workload to co-management with Intune. Please see the docs on how to set this up here.
Please let me know if you want any more information on either of these approaches. 🙂
AriaUpdated thank you for your reply. I will look into the managing the updates via Windows Updates rather than from on premise DP. We will just have to do some testing as we deploy several scripts in our Upgrade Task Sequence to resolve bugs in the Windows feature upgrade process.
-Zachary
For the scripts you run in your IPU process currently via a Task Sequence, you might be able to leverage the Custom Action Scripts that run at various times during the Windows 10 Setup Engine process:
https://garytown.com/windows-10-upgrade-custom-action-scriptsYou might also be able to leverage scheduled tasks, and have the scripts look for specific conditions to know when to run.
zaclaramay Can you explain why you'd say "SCCM upgrade task sequences not being an option."
Is it because they don't have VPN to connect back to the ConfigMgr MP & DPs?
