NOTE: This guide uses the 1803 'April 2018 Update' as the build example throughout the steps below.
Step 1 - Create the Package
The build upgrades must be obtained from Microsoft. They are distributed in ISO format and must be extracted and repackaged for deployment with a third-party product, such as the KACE Systems Management Appliance.
- Download the ISO for the appropriate build. This can be done commonly using two methods (third alternative also listed):
- Download the ISO from the MSDN Library, if applicable (requires an MSDN license). The ISO will be named similarly to 'en_windows_10_business_editions_version_1803_updated_march_2018_x64_dvd_12063333.iso'. Ensure the proper edition is downloaded.
- Download the Media Creation Tool from https://www.microsoft.com/en-us/software-download/windows10.
- Launch the tool.
- When it asks "What do you want to do?", choose "Create installation media (USB flash drive, DVD, or ISO file) for another PC". Click Next.
- If recommended options for language, architecture, and edition are desirable, click Next. Otherwise, adjust as needed before proceeding.
- For "Choose which media to use", select "ISO file" and click Next.
- Choose a name (example: Win10_1803_English_x64.iso) and location to save the ISO file. The utility will now build the ISO file.
- Click Finish when the wizard completes.
- Alternative Method: Download the ISO directly from https://www.microsoft.com/en-us/software-download/windows10ISO by visiting the URL on a non-Windows (OSX or Linux) operating system. The site will only allow download of the ISO directly if visiting from a non-Windows platform.
- Mount the ISO and compress its contents into a .zip file.
- In Windows 10, the ISO can be mounted by right-clicking on the file and choosing "Mount" or simply double-clicking on the ISO file.
- Make sure that you have 7-Zip
installed from here.
- Once mounted, select all of the files within the ISO (not the directory/drive, but the files within it), then right
click and choose "7-Zip > Add
to Archive... ".
- Since the ISO is read-only, select another location to
place the zip file (such as C:\, Desktop, etc). Choose "OK".
- After compression completes, the zip file will be created on the selected location with an automatically generated name (example: setup.zip). Rename appropriately (example: Win10_1803_English_x64.zip). This zip file will be used in the following steps.
- Unmount the ISO (right-click the drive and Eject), then store/discard the ISO, as desired.
Step 2 - Upload the Package to the SMA
Due to file size limitations, the build upgrade zip (depending on size) must be uploaded to the SMA via the 'clientdrop' samba share. The maximum file size for upload via the web UI of the SMA is 2GB (version 8.0 and earlier) or 4GB (version 8.1 and later), and build upgrades tend to be slightly too large for PHP upload. The Samba method avoids the upload limit entirely.
- If Samba is not enabled, enable it (Samba can be disabled after the package is uploaded and imported in step 3). Samba enable/disable settings are found on the Security Settings page (Settings > Security Settings) in the Admin UI (single-org) or System UI (multi-org). To enable Samba, the "Enable organization file shares" checkbox must be checked.
- Ensure the share is also enabled at the Organization level and that credentials for the clientdrop (admin) Samba share are known. If not, the password can be reset on the Settings > General Settings page in the Admin UI (org-specific for multi-org systems).
- Connect to the clientdrop share. This can be done in Windows by opening a Windows Explorer window and typing in the share address for the SMA (example: \\k1000\clientdrop, replacing k1000 with the SMA hostname).
- Drag and drop the .zip file created in step 1 into the clientdrop share.
- Once the file is listed in the clientdrop share, move on to Step 3.
Step 3 - Map the Package to a Software Title
Create a software title using one of the two methods listed, and then map the .zip file to it.
Method 1: Build a Custom Software Title
This method allows for a custom title and custom inventory rule to grant greater control of reporting and more obvious naming of each build upgrade. If the custom inventory rule is designed in a way that can detect across multiple editions and upgrade branches, then this method is also edition/branch agnostic. Method 1 is the recommended approach.
- In the Admin UI, go to Inventory > Software.
- Select Choose Action > New.
- Fill in the Name, Version, Publisher, and Notes fields as desired. This is the 'custom' part of this approach. An example is provided:
- In the Custom Inventory Rule field, there are many possibilities to detect the build number. For the sake of simplicity, this guide uses the ReleaseId registry value in HKLM\Software\Microsoft\Windows NT\CurrentVersion to detect the build number. This may not work in all editions/branches of Windows 10 (e.g. LTSB).
- RegistryValueEquals(HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion,ReleaseId,1803)
- The Magic Step: This is where we associate the zip file from the clientdrop share to the Software title. Simply choose the file in the drop down. This will pull the file into the proper location on the filesystem and remove it from the Samba share.
- Click Save. Note: After the page is saved and the file is reassigned, Samba can be safely disabled.
Method 2: Use the Automatically Detected Software Title
This method requires the new build to have been installed on at least one system with an SMA agent that has reported inventory at least once since applying the upgrade. This method is simpler than method 1, because it does not require creation of a new software title or creation of the custom inventory rule to go along with it.
- After at least one system has been upgraded using an alternative method (i.e. not the SMA) in the environment and has successfully uploaded inventory to the SMA, find the new build title with the appropriate version in the Software list. Example: For the Spring 2018 Update (Build 1803) on Windows 10 Pro (the edition matters when using this method), the title is 'Microsoft Windows 10 Pro x64' with a version of '10.0.17134'. This title can also be found by viewing the device's inventory record and clicking on the newly detected version of Windows 10 under 'Installed Programs'.
- Once the correct title has been identified, click on it to go to its software detail page.
- Perform Steps 5 and 6 only from Method 1 above. Since this title is auto-detected, the fields will be pre-populated and the custom inventory rule is not required.
Step 4 - Create the Managed Installation
At this stage, the Managed Installation is created exactly as any other Managed Installation would be created. The steps are detailed here, but anyone familiar with creating/deploying Managed Installations can likely complete the process from this point on from experience. However, even those experienced may want to take note of the Full Command Line example below.
- In the Admin UI, go to Distribution > Managed Installations.
- Select Choose Action > New.
- Input a Name. For this example, the name is 'Windows 10 x64 Build 1803".
- Set the desired Execution option based on the environmental requirements/preferences. Something must be chosen other than Disabled or the MI will not deploy.
- For the Inventory field, Software must be selected.
- In the Software drop-down, choose the title from Step 3 that has the zip associated to it.
- For Associated File, choose "Use associated file" to use the file that is already associated to the software item.
- If desired, "Delete downloaded files" can be enabled to purge the installer from cache after installation on the client.
- For Installation Options, choose "Override default installation" and ensure "Don't prepend msiexec.exe" is checked.
- For Full Command Line, this example shows an auto upgrade with no UI output on the endpoint and no OOBE upon reboot. All command line options can be found at https://blogs.technet.microsoft.com/home_is_where_i_lay_my_head/2015/09/14/windows-10-setup-command-line-switches/.
- Full Command Line: setup.exe /auto upgrade /quiet /showoobe none
- In the Deploy section, assign the MI to specific label(s) and/or device(s) (this is where we strongly recommend testing with a small set of machines in a test label before rolling out to larger, network-wide labels), as needed/desired.
- Configure the Notify section according to environmental requirements/preferences.
- Configure the Schedule section according to environmental requirements/preferences. Note: Adjusting the deployment window is not advised, as MIs are only run during inventory interval. If the window is configured such that it is not open long enough for all systems to run an inventory interval, then affected systems will never attempt to deploy the build upgrade. Order defines the order the MI is run in versus other MIs and their order values. If the value in Maximum Attempts is exceeded due to installation failure, the MI will cease deployment attempts for those devices.
- Click Save. If an immediate test is desired and a test label or test device(s) have been assigned, Run Now can be chosen to push out the deployment to all assigned devices immediately. Otherwise, the MI will deploy based on the Execution option.