Windows patching questions

Hi, new user here and I'm having some questions.

I created a Windows policy patch that installs updates each day; is it at the same time that Syncro checks for available updates on the PC?

  1. I have a Windows 10 21H1 PC and even though I see 22H2 available on the PC, Syncro doesn't offer it even in manual settings
  2. Same way to upgrade PC from Windows 10 to Windows 11

thanks

Feature Updates are not installed via Syncro. I wish they’d show that they are pending, but they do not. You’ll need to script install these. I haven’t tested Windows 10 to 11 upgrade via script, but here are 2 to keep both updated to the latest feature update.

Windows 10

```powershell
# Credit to Jeff Waits for the original script
$workingdir = "c:\temp"
$url = "https://go.microsoft.com/fwlink/?LinkID=799445"
$file = "$($workingdir)\Win10Upgrade.exe"

# Create the working directory if it does not exist
If (!(Test-Path $workingdir)) {
    New-Item -ItemType Directory -Force -Path $workingdir
}

# Download the Windows 10 upgrade tool
Invoke-WebRequest -Uri $url -OutFile $file

# Run it silently; logs are copied to the working directory
Start-Process -FilePath $file -ArgumentList "/quietinstall /skipeula /auto upgrade /copylogs $workingdir"
```

Windows 11

```powershell
# Credit to Jeff Waits for the original script
$workingdir = "c:\temp"
$url = "https://go.microsoft.com/fwlink/?linkid=2171764"
$file = "$($workingdir)\Win11Upgrade.exe"

# Create the working directory if it does not exist
If (!(Test-Path $workingdir)) {
    New-Item -ItemType Directory -Force -Path $workingdir
}

# Download the Windows 11 upgrade tool
Invoke-WebRequest -Uri $url -OutFile $file

# Run it silently; logs are copied to the working directory
Start-Process -FilePath $file -ArgumentList "/Install /MinimizeToTaskBar /QuietInstall /SkipEULA /copylogs $workingdir"
```

Ok, so what does feature packs mean then?


Looking in N-Central these are the only patches with that classification. Microsoft doesn’t use it much:

All these questions were discussed here.

Ok
Last question

If I have Syncro with a Windows policy applied, is there a way to prevent Windows 10 from upgrading to 11, or, since it's not supported by Syncro, will it not ever upgrade unless I do it manually with a PowerShell script?


In the community scripts, search “Windows 11” and it’s by Cyberdrain.

Thanks

Also I’ve tried this script to update to 22h2

```powershell
$workingdir = "c:\temp"
$url = "https://go.microsoft.com/fwlink/?LinkID=799445"
$file = "$($workingdir)\Win10Upgrade.exe"

# Create the working directory if it does not exist
If (!(Test-Path $workingdir)) {
    New-Item -ItemType Directory -Force -Path $workingdir
}

# Download the Windows 10 upgrade tool
Invoke-WebRequest -Uri $url -OutFile $file

# Run it silently; logs are copied to the working directory
Start-Process -FilePath $file -ArgumentList "/quietinstall /skipeula /auto upgrade /copylogs $workingdir"
```

Everything seems to work, but after 3h I still have the processes Modern Setup Host, Windows 10 setup, Windows installer and Windows installation assistant.

I seem to have no info if it's still running or if it's jammed.


It does take a while, but yes, there’s no way of knowing if it’s done except it will auto restart with the normal countdown, which is like 40 minutes of it just sitting there. I just applied this to hundreds of systems, so I know the script works. I actually found out from one of my clients, who has a dinosaur of a computer, hers didn’t restart until 2PM the next day, which put it at like 22 hours, whoops! You might can look at the logs in the temp folder, but I haven’t ever had to look at them, but it may have an accurate modified timestamp.

It finally worked, but the problem is that it auto restarts.

It's a big issue for customers as we don't know how long the install will take and it doesn't give reboot warnings.

Any better way?


Another thanks to MS on this one, they insist it’s important to force the reboot. The normal /noreboot switch does not work. If it did, you could script it to check for the processes and alert/ticket and all that fancy jazz.

I came across this script using the enablement method to update. It will not work on versions older than a certain build, but otherwise seems to be fine and does not force a restart. Downside is it will require tracking down the new KB every time a new build comes out. This will probably be one of the last Windows 10 builds anyway though, and at worst once a year with the new update cycle. I would suggest removing your certification logos, it's annoying to scroll through every post and we're not clients for you to impress.

```powershell
# Set up constants for better readability throughout the scripts
$CABfile = 'windows10.0-kb5015684-x64_d2721bd1ef215f013063c416233e2343b93ab8c1.cab'
$CABfileURL = "https://catalog.s.download.windowsupdate.com/c/upgr/2022/07/$($CABfile)"
$TargetFolder = $Env:Temp
# Join-Path avoids the doubled backslash that '\\' produced in the path
$TargetFile = Join-Path $TargetFolder $CABfile
$OSKernelFile = Get-Item "$env:SystemRoot\System32\ntoskrnl.exe"

# Do checks to make sure target system is both eligible for and needs the upgrade
# Are we at 22H2 already? If so, bail from script.
If ((Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name 'DisplayVersion').DisplayVersion -eq '22H2') {
    Write-Output 'Host is already running version 22H2; no Feature Update required - exiting.'
    exit
}

# If not at 22H2, are we running an eligible Windows 10 kernel version?
If ((($OSKernelFile).VersionInfo.FileVersionRaw).Build -ge 19041 -and (($OSKernelFile).VersionInfo.FileVersionRaw).Revision -ge 1237) {
    Write-Output 'Host OS build is adequate for enablement package - proceeding with upgrade.'
} Else {
    Write-Output 'Host OS build is too old to be updated with this enablement package -- exiting.'
    exit
}

# Download the CAB file for install
Invoke-WebRequest -Uri $CABfileURL -OutFile $TargetFile

# Invoke DISM to install the Enablement Package
DISM /Online /Add-Package /PackagePath:$TargetFile /Quiet /NoRestart
```
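The scripts in this thread download a file and hand it straight to an elevated installer. The following is an added example, not code from any poster or from Syncro, that checks the download's Authenticode signature and hash before DISM runs. The helper name `Test-MicrosoftDownload`, the match on `O=Microsoft Corporation`, and treating the 40 hex characters in the catalog file name as the file's SHA-1 are assumptions.

```powershell
# Added example (not from the thread): gate the install on signature and hash checks.
# Test-MicrosoftDownload is a hypothetical helper name.
function Test-MicrosoftDownload {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ExpectedSha1   # optional, hex string
    )

    # 1. The Authenticode signature must chain to a root trusted by this machine.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature status for $Path is '$($sig.Status)'"
        return $false
    }

    # 2. The signer must be Microsoft (assumed policy: match on the subject's O= field).
    if ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        Write-Warning "Unexpected signer: $($sig.SignerCertificate.Subject)"
        return $false
    }

    # 3. Optional hash comparison; PowerShell's -ne ignores case for strings.
    if ($ExpectedSha1) {
        $actual = (Get-FileHash -Path $Path -Algorithm SHA1).Hash
        if ($actual -ne $ExpectedSha1) {
            Write-Warning "SHA-1 mismatch: expected $ExpectedSha1, got $actual"
            return $false
        }
    }
    return $true
}

# Usage with the enablement package from the thread.
$CABfile    = 'windows10.0-kb5015684-x64_d2721bd1ef215f013063c416233e2343b93ab8c1.cab'
$CABfileURL = "https://catalog.s.download.windowsupdate.com/c/upgr/2022/07/$CABfile"
$TargetFile = Join-Path $Env:Temp $CABfile

# Assumption: the 40 hex characters before ".cab" are the SHA-1 of the file.
$sha1 = if ($CABfile -match '_([0-9a-f]{40})\.cab$') { $Matches[1] }

Invoke-WebRequest -Uri $CABfileURL -OutFile $TargetFile
if (Test-MicrosoftDownload -Path $TargetFile -ExpectedSha1 $sha1) {
    DISM /Online /Add-Package /PackagePath:$TargetFile /Quiet /NoRestart
} else {
    Remove-Item -Path $TargetFile -Force
    Write-Output 'Download failed verification; package was not installed.'
    exit 1
}
```

The same function can gate `Win10Upgrade.exe` or `Win11Upgrade.exe` before `Start-Process`; call it without `-ExpectedSha1`, since those file names carry no hash.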