Windows 10 Feature Updates Remotely

Copper Contributor

We are currently using SCCM using Windows 10 upgrade task sequences to mange our Microsoft Windows 10 feature updates. With 300 of staff going remote and SCCM upgrade task sequences not being an option. What free ways does Microsoft recommend for managing these updates? 

 

-Zachary

11 Replies

@zaclaramay  Can you explain why you'd say "SCCM upgrade task sequences not being an option."

Is it because they don't have VPN to connect back to the ConfigMgr MP & DPs?

@zaclaramay there are a few different ways that you can manage updates for your remote workers. 

 

1. You can deploy feature updates as a software update from Configuration Manager and allow clients to acquire the content for those directly from Windows Updates rather than from on premise DPs while still maintaining management of the updates from Configuration Manager so long as you configure correctly (see these blogs 1, 2).

2. To further reduce VPN traffic, you can utilize Windows Update for Business which is free whether through Group Policy or through moving your Windows update workload to co-management with Intune. Please see the docs on how to set this up here

 

Please let me know if you want any more information on either of these approaches. :)

@zaclaramay We use the upgrade task sequence remotely on computers connected to the VPN and to the CMG.  it is only OS deployments that cannot go over the CMG.  For Upgrades, you use to have to select to pre-download all the content first, but i think in 1806, that requirement was removed.  

 

 

@gwblok Lack of VPN is likely the case.

@Aria Carley thank you for your reply. I will look into the managing the updates via Windows Updates rather than from on premise DP. We will just have to do some testing as we deploy several scripts in our Upgrade Task Sequence to resolve bugs in the Windows feature upgrade process. 

 

-Zachary

@zaclaramay 

For the scripts you run in your IPU process currently via a Task Sequence, you might be able to leverage the Custom Action Scripts that run at various times during the Windows 10 Setup Engine process:
https://garytown.com/windows-10-upgrade-custom-action-scripts

 

You might also be able to leverage scheduled tasks, and have the scripts look for specific conditions to know when to run.

@Harjit Dhaliwal 

Yeah, if you don't have VPN back to connect to your internal CM infrastructure, TS's become very difficult.

If you do have VPN, then it's completely possible, even with slow links thanks to LEDBAT++ and BranchCache Technology.  

@gwblok @Harjit Dhaliwal  we have a VPN but unfortunately its not set as always on and users tend to only be connected for a short window at a time. That is why we are looking for other options to manage windows 10 feature updates.

@zaclaramay 
I hear you on that, we too had a handful of users who rarely would connect to VPN.  At at point it became a management issue.  They were instructed to turn on their computer at 6PM, connect to VPN and leave it on overnight so it could upgrade over VPN.  Failure to comply was failing to complete job duties.

@gwblok @zaclaramay I had IBCM configured for my ConfigMgr but soon after the sudden WFH mandate, I discovered IBCM was not working properly. After getting it fixed, it required the clients to VPN at least once for a duration of time to pick up new policies and changes. Catch-22 is that some remote systems don't have the VPN client installed and they are unable to install due to lack of local admin creds for UAC elevation. Sigh! 

@zaclaramay We have been upgrading these users with the CMG.  We set the content location to download all content prior to start.

 

Snag_1a8b4ea.png

 

We also mark the task sequence allow to run on Internet.  The only issue we see is the status messages for the deployment status are not returned after the new OS is deployed.

 

here is a snip-it from the documentation:

Allow task sequence to run for client on the Internet: Specify whether the task sequence is allowed to run on an internet-based client. Operations that require a boot media, such as the installation of an OS, aren't supported with this setting. Use this option only for generic software installations or script-based task sequences that perform operations in the standard OS.

  • This setting is supported for deployments of a Windows 10 in-place upgrade task sequence to internet-based clients through the cloud management gateway. For more information, see Deploy Windows 10 in-place upgrade via CMG.

https://docs.microsoft.com/en-us/mem/configmgr/osd/deploy-use/deploy-a-task-sequence