• United States



Contributing Writer

How to script Windows 10 security update installs

Nov 29, 20183 mins
SecuritySmall and Medium BusinessWindows

You can download Microsoft Windows updates for later deployment across your network. Here's how you script the process.

windows 10 acts like windows 7
Credit: Microsoft

There are many ways to install feature release updates: You can install them via Microsoft update using the Windows update for business settings to defer the feature update until after the feature release is deemed ready for business. This is typically a few months after updates are released and the blocking issues have been resolved.

You can control the install via Windows Software Update Services, System Center Configuration Manager (SCCM) or even Intune. If you use a third-party patching tool you can install feature releases via their control mechanism.

Here’s another way you can install the feature release updates: You can script it. The key to this method is to download and save the updates to a location that can be accessed from the machines you have under your control. A network share will work well for the deployment.

Once you have deemed the deployment suitable for your network, you can roll out the feature release that you want for your network. Whenever a feature release is declared, and if you do not have access to volume licensing, which gives you specific access to Windows 10 releases, you can download a copy of the specific feature release media and save it to a network location. Microsoft’s media site will allow you to download the needed media.

Download the ISO file from that site and then mount the ISO file so that the setup.exe file can be accessed. Then call setup.exe with silent switch (/auto upgrade /quiet). For example:

H:setup.exe /auto upgrade /quiet

This will install the feature update and not prompt for any action after it is installed.

If you are using PDQ Deploy, you can use the following process:

Download the ISO file from the media website as noted above. As before, extract the ISO file to a folder in your PDQ Server. Preferably, the ISO file should be placed in the repository. Next, launch PDQ Deploy, create a new package, and create a Command Prompt install package. Name the file as you see fit. Then enter the following command into the CMD task you created above:

"Path_to_Win_Setup_Folderx64setup.exe" /auto upgrade /migratedrivers all /ShowOOBE none /Compat IgnoreWarning /Telemetry Disable

Customize the Path_to_Win_Setup_Folderx64 with your appropriate settings as noted.

Finally, you can run the script to test the install and see what blocking issues you might encounter without installing the feature update. To do so merely enter:

SETUP.EXE /Auto Upgrade /Quiet /NoReboot /DynamicUpdate Disable /Compat ScanOnly

Contributing Writer

Susan Bradley has been patching since before the Code Red/Nimda days and remembers exactly where she was when SQL slammer hit (trying to buy something on eBay and wondering why the Internet was so slow). She writes the Patch Watch column for, is a moderator on the listserve, and writes a column of Windows security tips for In real life, she’s the IT wrangler at her firm, Tamiyasu, Smith, Horn and Braun, where she manages a fleet of Windows servers, Microsoft 365 deployments, Azure instances, desktops, a few Macs, several iPads, a few Surface devices, several iPhones and tries to keep patches up to date on all of them. In addition, she provides forensic computer investigations for the litigation consulting arm of the firm. She blogs at and is on twitter at @sbsdiva. She lurks on Twitter and Facebook, so if you are on Facebook with her, she really did read what you posted. She has a SANS/GSEC certification in security and prefers Heavy Duty Reynolds wrap for her tinfoil hat.

More from this author