How To Upgrade Windows 10 Versions Using Ivanti Patch Manager

Version 15

    Verified Product Versions

    Endpoint Manager 9.6Endpoint Manager 2016.xEndpoint Manager 2017.xEndpoint Manager 2018.x

     

    Goal

     

    Upgrade the clients to Windows 10 version 1803.

     

    Steps

     

    For our example, we will be installing Windows 10 1803 Professional, but the same steps will apply to all current versions of Windows 10.

     

    Test your ISO outside of Ivanti.

    All Windows 10 Upgrade definition rules have the "Can Download" set to No.  Ivanti cannot distribute Windows 10 Install ISOs.  You will need to download the ISO through the one of the various Microsoft volume licensing programs available.

    1. Download or otherwise acquire a Windows 1803 ISO for the version of Windows that you are updating (Education, Professional, or Enterprise). In this case we will download Professional version.
    2. Run your ISO on a test machine manually to make sure that it will upgrade outside of Ivanti. If your machine will not upgrade when manually running the ISO outside of Ivanti, it will not upgrade through Ivanti when using that same ISO. If you are unable to upgrade the machine outside of Ivanti, you will want to check the following:
      1. Make sure your client machine meets the system prerequisites for the version of Windows 10 you are upgrading to.
      2. Make sure your ISO is not blocked by the local system by going into the ISO properties and selecting to unblock the update if necessary.
      3. Try disabling or temporarily uninstalling your antivirus or application control on the client as that has been known to prevent this type of upgrade on occasion. You can reinstall it after the system is upgraded.
    3. Once you are able to upgrade a machine using your ISO outside of Ivanti, place this .ISO into the \ManagementSuite\LDLogon\Patch\ directory on your core server.  If you have changed the patch storage location, place it in the equivalent directories.

       4. Encryption such as BitLocker must be disabled for the deployment to be successful.  The machine must be able to fully reboot on its own to complete the deployment properly.

     

    Find the correct definition for the version you are upgrading to.

     

    1. Open the Ivanti Endpoint Manager Console and go to the Security and Compliance Tool group.
    2. Open the Patch and Compliance Tool.
    3. Ensure that you have downloaded the latest updates in the Vulnerabilities category.


    4. After downloading the vulnerabilities category, select the correct definition for the version that you would like to upgrade to. In my example, I am upgrading to Windows 10 1803 Professional English x64 so  I would select W10V1803PX64_V2:

        

    When selecting the definition, you will want to pick a V2 definition or things might not work correctly

     

    Prepare your ISO and run a repair task.

     

    1. Double-click the rule that matches the version of Windows you are trying to upgrade.

         Y

     

        2. Make sure that your .ISO file for the Windows upgrade matches the filename within the rule in the Patch information section under Name exactly.  You can guarantee this, by highlighting, copying, then pasting the file name from the definition into your ISO's file name properties.

        3. Double check your ISO's file name, making sure it still has the .iso extension and that it is not named ".iso.iso" or anything like that.  It must match exactly with the file name in the detection rule above.

        4. Run Download Updates one more time to ensure that the "Downloaded" Yes/No column in the rule is updated to "Yes".  If it does not update, check your storage location and the name of the .ISO to make sure it matches.

        5. Run a scan and repair as usual.

     

    Add commands to the Setup Automation via SetupConfig.ini

    If the deployment is successful without the SetupConfig.ini then any support will be done on best effort basis, no bugs of this nature will be submitted

    Steps.

         1. Create a SetupConfig.ini File, a simple example is attached to the case. Please read the articles below for more information.

                  Windows Setup Automation Overview

                   Windows Setup Command-Line Options

         2.  Save this file to “C:\Program Files (x86)\LANDesk\LDClient\W10Config” or “C:\Program Files\LANDesk\LDClient\W10Config”  depending on the architecture of the client machine.

         3. Deploy the repair task as usual. When we run the deployment we will check to see if the SetupConfig.ini exists. If it does we will then add the additional arguments to the Setup. If the file does not exist then we will proceed with our default install.

     

    Further information about the Patch Manager definition release can be seen here.

     

    How to block automatic update to the Creators Edition of Windows on client systems

     

    In order to block Windows 10 systems from automatically installing Operating System Upgrades, the following methods may be used:

     

    Group Policy

    Computer Configuration / Administrative Templates / Windows Components / Windows Update Policy

    Setting: Turn off the upgrade to the latest version of Windows through Windows Update

     

    Registry

    HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

    DWORD value: DisableOSUpgrade = 1

     

    LANDESK Patch and Compliance Definition

    The DISABLEWIN10UPGRADE can be sent as a repair job to turn off the Windows 10 auto-updates to newer OS versions.

    This definition sets the Registry key listed above.