Windows 10 1803 Update

I am trying to write a fixlet to deploy the Windows 10 1803 Update and I can’t seem to get it to work properly.

The fixlet is real simple, I download the ISO and powershell script to the local client. Both files down load w/o an issue and the the powershell script executes but nothing seems to happen.

The weird thing is that when the script runs, I can confirm that the ISO is mounted but it appears that I am unable to run the setup.exe. It seems to me, that it is failing when it attempts to determine the drive letter, maybe it is because of context (user vs system)?

Contents of PS script.
mount-diskimage -imagepath ‘C:\Program Files (x86)\BigFix Enterprise\BES Client__BESData\CustomSite_Custom_Windows_Patching_Download\SW_DVD5_Win_Pro_Ent_Edu_N_10_1803_64BIT_English-2_MLF_X21-79647.ISO’ -storagetype iso -passthru | Get-Volume

$driveLetter = (Get-DiskImage ‘C:\Program Files (x86)\BigFix Enterprise\BES Client__BESData\CustomSite_Custom_Windows_Patching_Download\SW_DVD5_Win_Pro_Ent_Edu_N_10_1803_64BIT_English-2_MLF_X21-79647.ISO’ | Get-Volume).DriveLetter

invoke-item “$($driveLetter):\setup.exe”

It appears that I answered my own question.
I did need to execute the powershell script with the RunasCurrentUser.

IBM provides fixlets for this, they just aren’t out yet for 1803. This type of install I believe is best as a two stage fixlet. One to copy the ISO to the endpoints, like C:\1803, and Two to mount the ISO and run the command line.

It would be nice if, when IBM does release the 1803 fixlet, that they do this in a stage 1/2 process.

Regardless, I would be interested in your results on the 1803 upgrade… 1709 never seemed to work.

Thank You Alexa for your response.

At our company, we only have BF Patch so those fixlets are not included. So luck me, I get to code my own.

I am not much of a developer (so I know there are better ways to do this), I just dont have those skills yet.

But this is what have come up with so far:
My action script download the iso, a PS1 and the RunAsCurrentUser files then runs this

waithidden __Download\RunAsCurrentUser.exe --w --q “C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe” -ExecutionPolicy Bypass -File “{(pathname of client folder of current site) & “__Download\upgrade1803.ps1”}”

This is my PS1 file
mount-diskimage -imagepath ‘C:\Program Files (x86)\BigFix Enterprise\BES Client__BESData\CustomSite_Custom_Windows_Patching_Download\SW_DVD5_Win_Pro_Ent_Edu_N_10_1803_64BIT_English-2_MLF_X21-79647.ISO’ -storagetype iso -passthru | Get-Volume

$driveletter = (Get-DiskImage ‘C:\Program Files (x86)\BigFix Enterprise\BES Client__BESData\CustomSite_Custom_Windows_Patching_Download\SW_DVD5_Win_Pro_Ent_Edu_N_10_1803_64BIT_English-2_MLF_X21-79647.ISO’ | Get-Volume).DriveLetter

$setup = $driveletter + “:\setup.exe”
$param = “/auto upgrade /Quiet /DynamicUpdate disable /noreboot”

start-process -filepath $setup -argumentlist $param

EDIT: I know I should be using prefetch statements rather than download but I am still testing…

@Mojea, I have been using the bigfix fixlet and it has worked fine so far with all versions of windows 10 just replacing the prefetch code area. I upload our correct ISO version file to the server and replace the file name, size, and sha value in the code.

If you want to, I can post the Action Script Code so you can replace the prefetch block to your corresponding Win 10 version.

2 Likes

Is this available yet?

Best to just create your own Stage 1 / Stage 2 Fixlet… One to copy the ISO to C:\temp\Win10 (or where ever). Two to kick off the command. 1803 is behaving much better than 1709 (so far) but the requirement of omitting the /norestart switch from the command line still holds true; save the system fails during the Second Boot Phase (around 77%), reverts, and creates a new BigFix ID for the endpoint…

1 Like

Would anyone be willing to post their custom Fixlet for 1803 deployment out on BigFix.me?

Here you are… Obviously you need to supply your own ISO.

We basically run Stage 2 and 3 as a Policy (we have a preset in Stage 2). This way folks via the Web Console can easily deploy Stage 1 and all others are automated.

Note that Stage 2 command line does NOT include the /noreboot switch (as this causes a failure in the upgrade and creates a new ID for the endpoint). Be sure your Stage 2 verbiage makes note of that to the user.

Also note that 1803 will break IBM ClearCase 8.x and 9.x, so there is relevance that excludes those from Stage 1 and 2.

Stage 1
Stage 2
Stage 3

3 Likes

@AlexaVonTess you’re amazing, thank you!:pray:

Why might the BigFix fixlet for Windows 10 build 1803 not be showing up in the BF console? Most of my workstations are 1709 so I now they are relevant. And I can still see fixlets for 1703 and 1709 for my straggler vms.
I see in this post you suggest creating our own but wondering if I have something not activated in general that may be stopping the fixlet from showing up.

I doubt they’ll create one. There is a bug that they say they won’t fix because its a Microsoft problem and they need IBM customers to open up PREMIUM support cases with Microsoft and a PMR with IBM to get action going.

The bug, is something in the API used to restart the system upon the install setup phase. The result is a constant failure along with a new ID being generated for the endpoint.

Anyway, removing the /NORESTART switch from the command line works well.

I’ve posted my Three Stage 1803 Fixlets on bigfix.me.

1 Like

Thanks for the details @AlexaVonTess

I have the iso downloaded and saved to the standard sh1 folder where we would normally place anything that has to be pre-cached, but i’m getting an error on stage 1. I tried leaving the file name same as in statement and also with changing it to the hash, but still get the same error about not passing the deployments download whitelist. Any idea on what i might be doing wrong?

So you have an ISO which you renamed as the SHA1 and placed in BES Server\wwwrootbes\bfmirror\downloads\sha1. The ISO should be the same as in the Stage 1 fixlet (otherwise, you’re using another ISO edition, which is fine, but I can’t speak to how it would work overall).

The file name in the fixlet doesn’t have to be changed. If using an ISO that is different than that listed in the Stage 1 fixlet, you need only change the SHA1 and size in the fixlet.

changing the sha1 and size worked. Thank you.

They will be available soon.

1 Like

Hi there was a BES announcement last night (my time) on the fixlet release;

[Major] Windows 10 Business Editions Version 1803 Available - Windows 10 (English (United States)) (ID: 1111102)
[Major] Windows 10 Business Editions Version 1803 Available - Windows 10 (Japanese) (ID: 1111104)
[Major] Windows 10 Business Editions Version 1803 Available - Windows 10 (x64) (English (United States)) (ID: 1110004)
[Major] Windows 10 Business Editions Version 1803 Available - Windows 10 (x64) (Japanese) (ID: 1110006)

I still do not have this working in our environment. We have 24 sites and relays defined in each site. I’d like the 1803 update to function like other updates where it is copied once to that site and then all other machines update locally. Is anyone doing this successfully?

Using the Stage 1/2/3 process that we’ve already talked about I have upgraded close to 1,000 endpoints globally. Why don’t we start with which Stage isn’t working?

1 Like