WARNING!!
8/21/2018 - The following steps will enable Dynamic Updates for Windows 10 In-Place Upgrade. If you have not serviced your WIM with THE LATEST Cumulative updates - like today is patch Tuesday and you haven’t updated your WIM with today’s CU, proceed with caution! Your Enabling Dynamic Updates will allow your clients to go to the internet and download the latest Cumulative Update and install it during the upgrade. This is an extra ~800 MB per client from the internet. If this is not desirable, please check out how to offline service your media with the latest Dynamic Updates here.
If you haven’t already, check out Part 1 Here, otherwise this won’t make as much sense.
In all of the haze of my attempts to get out to Windows Update, I lost sight of my ultimate goal, which was to be able to go out to Windows Update AND ignore dismissible compatibility warnings when using the Upgrade Operating System step in a ConfigMgr Task Sequence. While I was researching this issue, I had run across the Task Sequence option OSDSetupAdditionalUpgradeOptions as documented here. Johan (@jarwidmark) has a good write-up on that here. It was late as I was finishing up testing, so I just made a note to look into it because I wanted to use the /DiagnosticPrompt enable Windows Setup command line option for testing in my Task Sequence.
As I got back into the office and started testing, I realized that I wasn’t done. If you have ever checked all 3 boxes,
you will have seen the message in the smsts.log stating that the Ignore flag was being Ignored:
When dynamic update is enabled, ignore warnings is not allowed, ignoring the switch /compat.
Now that we know the secret behind getting past ConfigMgr and out to Windows Update, we don’t need to check the boxes. In fact, we can bypass MOST of the checkboxes (Time-Out is a ConfigMgr option, so if you need it, check the box). We can just use OSDSetupAdditionalUpgradeOptions to add any command line options that we want. Technically, you could just run it all from a Run Command Line step instead of using the Upgrade Operating System step, however, there is some behind-the-scenes integration that makes it worth keeping around.
Quick Tangent about the Upgrade Operating System step. Open Task Manager and you will see OSDUpgradeOS.exe running during the Upgrade Operating System step.
This step manages the Task Sequence and Windows Setup integration. It adds the SetupComplete.cmd and SetupRollBack.cmd files and manages the Task Sequence UI between reboots. So, don’t dismiss this step, maybe just don’t use the check boxes.
Speaking of check boxes, the Task Sequence knows what boxes you checked, but doesn’t check the OSDSetupAdditionalUpgradeOptions variable to see what you added there. Can you guess where I’m headed with this?? Just move the items from the check box to the OSDSetupAdditionalUpgradeOptions variable and you the Task Sequence ignores the ignore but in a good way this time!
The Hack v2.0
Update you Task Sequence from my previous post, to be more like this:
Type: Group
Name: Upgrade the Operating System
Type: Run Command Line Step
Name: Rename Registry.pol
Command Line:
cmd /c "ren c:\Windows\System32\groupPolicy\Machine\Registry.pol Registry.bkp"
Type: Run Command Line Step
Name: DELETE WindowsUpdate Key
Command Line:
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v UseWUServer /t REG_DWORD /d 0 /f
*You can get fancy and rename this key then rename it back at the end, but you get the point. We just don’t want this key for now.
Type: Run Command Line Step
Name: Restart Windows Update Service
Command Line:
%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -Command "Restart-Service wuauserv"
Type: Set Task Sequence Variable
Name: Set OSDSetupAdditionalUpgradeOptions
Task Sequence Variable:
Value:
/Compat ScanOnly /Compat IgnoreWarning /DynamicUpdate enable
Refer to Windows Setup Command Line Options for additional options.
Type: Upgrade Operating System
Name: Upgrade Operating System
Select your Upgrade media and Don’t Check ANYTHING!!
See The bottom of this post for more info
Type: Group
Name: Cleanup
Type: Run Command Line Step
Name: Rename Registry.pol
Command Line:
cmd /c "ren c:\Windows\System32\groupPolicy\Machine\Registry.bkp Registry.pol"
*Note: At this point, your machine is still pointed to Windows Update, so you will need to gpupdate /force
to have it regenerated. I haven’t tested this far yet, but I would assume by the end of the Task Sequence, the machine will have updated policies and rebuilt the key.
The end result should look something like this if you started with my previous Task Sequence and just commented out the steps: