/build/static/layout/Breadcrumb_cap_w.png

Windows 10 Out of Date Build Report & Install Script

Here is an example report that will tell you which machines are missing the latest version of Windows 10 (the script is currently set to 1809 but can be modified to your liking):

3+5Jg2AtzqOHgAAAABJRU5ErkJggg==

To install, on your K1000, go to the adminui and click on Reporting -> Reports.  From there, click Choose Action -> New (SQL).  Name the report as you see fit (I named ours Windows 10 Out of Date Build).  Put in a description, select a category (likely Patching).  Then leave Break on columns blank and copy/paste the below SQL into the box.  Hit Save and then you can run it.

SELECT 
    MACHINE.NAME AS SYSTEM_NAME,
    MACHINE.IP,
    CASE SC.CLIENT_CONNECTED
        WHEN 1 THEN 'True'
        WHEN 0 THEN 'False'
        ELSE 'Unknown'
    END AS PC_CONNECTED,
    MACHINE.CREATED,
    LAST_INVENTORY,
    MACHINE.MAC,
    OS_RELEASE
FROM
    MACHINE
        LEFT JOIN
    KBSYS.KUID_ORGANIZATION KUID_ORG ON KUID_ORG.KUID = MACHINE.KUID
        LEFT JOIN
    KBSYS.SMMP_CONNECTION SC ON MACHINE.KUID = SC.KUID
        AND SUBSTRING(SCHEMA(), 4) = KUID_ORG.ORGANIZATION_ID
WHERE
    ((OS_RELEASE < '1809')
        AND (OS_NAME LIKE '%Windows 10%'))
ORDER BY OS_RELEASE , SYSTEM_NAME

Now that you know which ones are not compliant, how can you quickly and easily update these without having to touch each machine?  I wrote up a script to accomplish this.

But, before we get to the script, I created a Smart label to make it easy to maintain.  Under Inventory -> Devices, click on Smart Label on the right.  Select Release then < and enter 1809 or whatever build you want to be at.  Leave And selected and Add Line.  Then select Name under Operating System contains Windows 10.  If you test, you should get a list of all machines that do not have 1809 (or whatever you put for build number).  Save this smart label.

I then created a new Script under Scripting -> Scripts.  Here are some screenshots to make it easier to convey (these screenshots were taken on KACE K1000 version 10).  Quick prerequisites: You need the Windows 10 build that you wish to upgrade to.  You can download these through the Volume Licensing Service Center if you have a VLK.  Otherwise, you can download directly from Microsoft (Google: Update Windows 10 and you should find an update tool that generates an ISO).  Once you find the ISO, mount it on your computer and copy all the contents to a folder.  I created a network share on all of our domain controllers at each of our locations and replicated the folders to all of them so that the upgrade runs locally instead of over the WAN.  I used the nltest /dsgetdc command to get the servicing domain controller (local).  (Side note: If you are having issues with pulling the wrong domain controller information, check your DNS under _sites.yourdomain, specifically under _tcp and delete domain controllers not at that site.)

weA+ywzg5ieIAAAAABJRU5ErkJggg==

Note the next section that was omitted was the Credentials area.  Select a Domain Admin account or an account that can access the network share (unless you allow "Everyone" read-only on your network share).

3iCAAAAAElFTkSuQmCC

Also be sure to select Allow run without a logged-in user under Schedule Options.

Here is the task (Note there is a DeleteOldProfiles.cmd file, but that was for our specific use-case [so ignore this].  We ran into issues running the upgrade on machines that had duplicate domain profiles as we were migrating to a new domain.):

SfxTzPsJLzohFgAAADpHiAUAAAAAOGNCLAAAAADAGRNiAQAAAADOmBALAAAAAHDGhFgAAAAAgDMmxAIAAAAAnKmX4v8CqTypQfUvCfIAAAAASUVORK5CYII=

fYldfcrApDAAAAAElFTkSuQmCC

For ease of copy/paste, I am including the batch file content for UpdateWindows10.cmd:

@ECHO OFF
echo This command updates Windows 10 whether or not the user is logged in
echo Another creation of Ryan
TIMEOUT /T 120 /NOBREAK
for /f "tokens=1-2" %%i in ('nltest /dsgetdc:contoso.com ^| find "DC:"') do (
 set MYDC=%%j )
rem Removes space from MYDC
set MYDC=%MYDC: =%
setx MYDC %MYDC%
setx MYDC %MYDC% /m
%MYDC%\PathTo\Win10x64_1809\UpdateWin10_1809.cmd

As mentioned, be sure to have this path replicated across your environment else it will not work.  You will also need a domain controller for every location.  Again, you can modify this as you see fit.

MgqvaSKWg38AAAAASUVORK5CYII=

Here is what is located in UpdateWin10_1809.cmd

%~dp0setup.exe /auto upgrade /installfrom %~dp0sources\install.esd /dynamicupdate disable

Be sure to place the aforementioned file in the same folder as the setup.exe is located for the Windows 10 update disk files.

For those who ran into the issue with having duplicate profiles in the registry, which prevents these build updates, I am including the script I wrote to fix this (NOTE: You must modify the S-1-5-21 lines to match the old domains SID and if you only have 1, you can delete the second for /f below):

@echo off
rem This deletes old profiles from the Registry
rem That is all it does nothing more nothing less
rem Created by the infamous Ryan
for /f "delims=" %%a in ('reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" ^| find "S-1-5-21-1234512312"') do (
     echo Deleting %%a
     reg delete "%%a" /f
)
for /f "delims=" %%b in ('reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" ^| find "S-1-5-21-12345621"') do (
     echo Deleting %%b
     reg delete "%%b" /f
)
Hope this helps!

Ryan

Comments

  • Another great post. I wish I could deploy this one but will have to wait until I get the go-ahead to move to 1903. Will definitely come in handy then. - jonniipalos 5 years ago
This post is locked
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ