How to script Windows 10 security update installs

You can download Microsoft Windows updates for later deployment across your network. Here's how you script the process.

There are many ways to install feature release updates: You can install them via Microsoft Update, using the Windows Update for Business settings to defer the feature update until after the feature release is deemed ready for business. This is typically a few months after updates are released and the blocking issues have been resolved.

You can control the install via Windows Server Update Services (WSUS), System Center Configuration Manager (SCCM) or even Intune. If you use a third-party patching tool, you can install feature releases via its control mechanism.

Here’s another way you can install the feature release updates: You can script it. The key to this method is to download and save the updates to a location that can be accessed from the machines you have under your control. A network share will work well for the deployment.

Once you have deemed the deployment suitable for your network, you can roll out the feature release that you want. Whenever a feature release is declared, and if you do not have access to volume licensing, which gives you specific access to Windows 10 releases, you can download a copy of the specific feature release media and save it to a network location. Microsoft’s media site will allow you to download the needed media.

Download the ISO file from that site and then mount the ISO file so that the setup.exe file can be accessed. Then call setup.exe with the silent switches (/auto upgrade /quiet). For example:

H:\setup.exe /auto upgrade /quiet

This will install the feature update and not prompt for any action after it is installed.

If you are using PDQ Deploy, you can use the following process:

Download the ISO file from the media website as noted above. As before, extract the ISO file to a folder on your PDQ server. Preferably, the ISO file should be placed in the repository. Next, launch PDQ Deploy, create a new package, and create a Command Prompt install package. Name the package as you see fit. Then enter the following command into the CMD task you created above:

"\\Path_to_Win_Setup_Folder\x64\setup.exe" /auto upgrade /migratedrivers all /ShowOOBE none /Compat IgnoreWarning /Telemetry Disable

Customize the Path_to_Win_Setup_Folder\x64\ with your appropriate settings as noted.

Finally, you can run the script to test the install and see what blocking issues you might encounter without installing the feature update. To do so merely enter:

SETUP.EXE /Auto Upgrade /Quiet /NoReboot /DynamicUpdate Disable /Compat ScanOnly
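
The mount, scan and upgrade steps above can be chained in one PowerShell script that also checks the media before running it. This is an added example, not from the original article; the share path and the expected hash are placeholders you must supply, and the script assumes the account running it can read the ISO path.

```powershell
# Added example. Paths and the expected hash are placeholders, not values from the article.
param(
    [string]$IsoPath        = '\\fileserver\deploy\Win10_feature.iso',  # hypothetical share
    [string]$ExpectedSha256 = '<SHA256-RECORDED-WHEN-YOU-DOWNLOADED-THE-ISO>',
    [switch]$Install        # without this switch the script only scans
)
$ErrorActionPreference = 'Stop'

# 1. Refuse media that does not match the hash recorded at download time.
$actual = (Get-FileHash -Path $IsoPath -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) { throw "ISO hash mismatch: $actual" }

# 2. Mount the ISO and locate setup.exe on the drive letter it receives.
$image = Mount-DiskImage -ImagePath $IsoPath -PassThru
try {
    $drive = ($image | Get-Volume).DriveLetter
    $setup = "${drive}:\setup.exe"

    # 3. setup.exe must carry a valid, chain-verified Microsoft signature.
    $sig = Get-AuthenticodeSignature -FilePath $setup
    if ($sig.Status -ne 'Valid' -or
        $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        throw "setup.exe signature check failed: $($sig.Status)"
    }

    # 4. Compatibility scan with the switches shown above; nothing is installed.
    $scanArgs = '/Auto Upgrade /Quiet /NoReboot /DynamicUpdate Disable /Compat ScanOnly'
    $scan = Start-Process -FilePath $setup -ArgumentList $scanArgs -Wait -PassThru
    $code = '0x{0:X8}' -f $scan.ExitCode

    # 0xC1900210 is the Windows Setup result for "scan found no compatibility issues".
    if ($code -ne '0xC1900210') { throw "Compatibility scan returned $code; not upgrading" }
    Write-Output "Compatibility scan clean ($code)"

    # 5. Only upgrade when explicitly asked and the scan was clean.
    if ($Install) {
        $up = Start-Process -FilePath $setup -ArgumentList '/Auto Upgrade /Quiet' -Wait -PassThru
        Write-Output ('Upgrade setup exited with 0x{0:X8}' -f $up.ExitCode)
    }
}
finally {
    # Always release the mounted image, even when a check fails.
    Dismount-DiskImage -ImagePath $IsoPath | Out-Null
}
```

Any scan result other than 0xC1900210 stops the script, so a blocked machine is reported rather than upgraded.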

Copyright © 2018 IDG Communications, Inc.
