How to script a security feature update with Windows 10

CSO Online | Nov 29, 2018

Learn how to create a script that will install security and other feature updates at a specific time

Similar
There are many ways to install feature release updates: You can install them via Microsoft update using the Windows update for Business settings to defer the feature update until after the Feature release is deemed ready for business. This is typically a few months after they are initially released and the blocking issues have been resolved.

You can control the install via Windows Software Update Services, SCCM or even Intune. If you use a third party patching tool you can install feature releases via their control mechanism.

But there’s another way you can install the feature release updates: You can script it. The key to this method is to download and save to a location that can be accesssed from the machines you have under your control. A network share will work well for the deployment.

Once you have deemed the deployment is suitable for your network you can roll out the feature release that you want for your network. Whenever a feature release is declared, and if you do not have access to volume licensing which gives you specific access to Windows 10 releases, you can download a copy of the specific feature release media and save it to a network location. The media site at https://www.microsoft.com/en-us/software-download/windows10 will allow you to download the needed media.

Download the iso from that site and then mount the iso so that the setup.exe file can be accessed. Then call Setup.exe with silent switch (/auto upgrade /quiet).

For example

This will install the feature update and not prompt for any action after it is installed.`

If you are using PDQ Deploy you can use the following process:

Download the ISO from the media website as noted above. As before, extract the ISO to a folder in your PDQ Server. Preferably the ISO should be placed in the repository. Next, launch PDQ Deploy, create a new package, and create a Command Prompt install package, name the file as you see fit. Next enter the following command into the CMD task you created above:

Customize the Path_to_Win_Setup_Folder\x64\ with your appropriate settings as noted.

Finally you can run the script to test the install and see what blocking issues you might encounter without installing the feature update. To do so merely type in

SETUP.EXE /Auto Upgrade /Quiet /NoReboot /DynamicUpdate Disable /Compat ScanOnly