Upgrading Windows 10 to a new build can be a headache. I’ve tried the WSUS route but that did not go smoothly. Many upgrades failed or were skipped for some reason. I’ve found the best way to upgrade Windows is to use MDT (Microsoft Deployment Toolkit).
Creating the task sequence is easy: just run the New Task Sequence wizard and select the Standard Client Upgrade Task Sequence template. Select the imported OS you want to upgrade to (not a customized image) and that’s basically it.
This Task Sequence is different from the Standard Client Task Sequence because it doesn’t run from Windows PE. You run the task sequence directly from the existing OS. So how can we launch this task sequence remotely? Well, you can get creative with remote powershell, but you can utilize existing automation tools in you’re environment. In this blog we’ll focus on Ivanti Automation. Create a new Module with the following tasks:
- Query Registry Settings
To check if the OS needs to be upgraded we’ll check the ReleaseID value in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion. On the Condition tab create an Expression for the same registry value and check the data for the build you’re upgrading to (in our case 1909). Then set the conditions as follows:
If condition is TRUE then: Execute this task, but skip all remaining tasks in this module
If condition is FALSE then: Execute this task
Check out image 1 for those of you that are visually inclined.
- Reboot Computer
Sometimes running processes can cause the upgrade to fail so always start with a reboot before upgrading.
- Execute command
Here’s where we’ll fire up the task sequence. Set the following command line:
cscript.exe $[DeploymentShare]\scripts\Litetouch.wsf /TaskSequenceID:$[Tasksequence ID] /UserID:$[UserID] /UserDomain:$[Userdomain] /UserPassword:$[Password] /SkipWizard:YES
The $[…] bits are Module Parameters so you can re-use the module for future task sequences without having to adjust the command line. Also you can obfuscate the UserPassword this way. Make sure you set a lenghty timeout value and leave the Security Context empty. (See image 2 and 3)
- Query Registry Settings
This is basically a duplicate of the first task. It’s best practice to check if the upgrade worked and command lines don’t always report back errors. So re-check the ReleaseID and if incorrect fail the Task this time (See image 4)
That’s it! Run the module on a test machine to try it out. It is noteworthy that the Task Sequence will cause the machine to reboot. This reboot won’t be controlled by Ivanti Automation so on rare occasions this will cause the task to display as Skipped. By then the update has already been deployed so it’s not really an issue.
Is an all-round IT engineer with special skills in Microsoft, Citrix, RES and VMware products. Loves a challenge in his work and has taught himself scripting. Initially batch scripts, and later PowerShell. This helps him to automate processes and procedures, and to develop his own management tools which can be used every day.
Core qualities
Team player, enthusiastic, eager to learn, sociable, positive
Hobbies
Football, playing music, watching movies and series
Job description
Senior Technical Specialist
