BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
The Windows 10 April Update introduced seven important features to help IT professionals with managing Windows 10 updates and upgrades.
The April Update lets IT run custom actions during a feature update or specify that a script run if IT rolls back an update. The Windows 10 April Update also added new commands to the Deployment Image Servicing and Management (DISM) utility, as well as an entirely new command-line utility -- SetupDiag -- that IT professionals can use to diagnose failed updates.
In addition, Microsoft enhanced Update Compliance, Upgrade Readiness and Device Health to include features related to Windows upgrades and updates.
Starting with the Windows 10 April Update, IT pros can run custom actions during an upgrade or feature update. Custom actions are batch commands an IT pro can save to special .cmd script files that run during the preinstall or precommit phase of the update process.
The preinstall phase occurs before the system and device compatibility scans run. The precommit phase occurs before the system reboots into the offline phase.
IT pros who want to run batch commands during the preinstall phase should add the commands to the preinstall.cmd file. If they want to run batch commands during the precommit phase, they should add the commands to the precommit.cmd file.
They can also add batch commands to the failure.cmd file, which runs if an update fails or if IT has to roll it back. The command files reside in subfolders located in the %windir%\System32\update folder.
IT pros can use the setup utility to run a script if a feature update fails or if IT rolls back any changes.
The script also runs if users uninstall a feature update and revert their systems to a previous Windows version. To use these setup options, an IT pro must save the script's batch commands to the setuprollback.cmd file, which he can locate in a local folder or through a Universal Naming Convention network path.
When managing Windows 10 updates, IT pros also have the option to run the script in the admin context or system context. In the admin context, the first person who logs into the Windows device after an upgrade must have administrative privileges for the script to run. In cases where IT pros do not have these privileges, they can instead run the scripts in the system context.
IT pros can use the DISM command-line utility to prepare and service a Windows image -- .win -- or a virtual hard disk -- .vhd or .vhdx. The utility is built into Windows and can run from a command prompt or through PowerShell.
Microsoft added four commands to DISM to help with managing Windows 10 updates.
- Initiate-OSUninstall launches an uninstall operation that returns the computer to the previous Windows installation.
- Remove-OSUninstall removes the Windows uninstall capabilities from the computer.
- Set-OSUninstallWindow sets the number of days after an update that an IT pro or user can perform an uninstall.
- Get-OSUninstallWindow displays the number of days after an update that an IT pro or user can perform an uninstall.
Microsoft added these settings to DISM specifically for IT pros.
SetupDiag command-line utility
A Windows update or upgrade can fail because of issues related to hardware devices, hardware drivers, installed software and more. To diagnose why a failure occurred, Microsoft introduced the SetupDiag command-line utility, which parses the Setup and Event log files to identify possible causes. The utility returns the results of its analysis in a text format.
SetupDiag uses a set of predefined rules to match known issues. It extracts the rules from the rules.xml file. The most recent release of SetupDiag -- version 1.20 -- includes 41 rules, a number that should increase with each release. The utility only works for Windows 10 and requires .NET Framework 4.6.
IT pros should be aware that some rules can take a long time to process.
Windows Analytics includes the Update Compliance service which can help IT with managing Windows 10 updates. Update Compliance is a set of tools for monitoring and tracking Windows updates.
With the release of the Windows 10 April Update, Microsoft enhanced Update Compliance to include information about an organization's Delivery Optimization configuration. Delivery Optimization helps organizations reduce overall bandwidth consumption for Windows updates by sharing package downloads across multiple devices.
Delivery Optimization in Update Compliance provides greater visibility into Delivery Optimization updates. IT pros can use this information to assess an update's bandwidth consumption for the devices that participated in peer-to-peer distribution over the past 28 days.
The Update Compliance interface shows a breakdown of the download configuration for each device, the percentages of bandwidth savings for each category and the total amount of data for each content type.
Upgrade Readiness provides a set of tools for planning and managing the upgrade process from end-to-end. Microsoft updated Upgrade Readiness to help identify security-related issues in preparation for Windows operating system or firmware updates.
The Upgrade Readiness interface includes three new blades for identifying issues:
- Antivirus status by computer shows whether the antivirus software on a managed Windows device is compatible with the latest Windows update.
- Windows security update status by computer shows whether a security update has been installed on the managed device that addresses the Spectre and Meltdown vulnerabilities. The blade also verifies whether any related fixes are disabled on the managed system.
- Firmware security update status by computer shows the number of managed devices that the installed firmware updates with Spectre and Meltdown protections.
For an organization to use the Upgrade Readiness features, the managed Windows devices must be able to connect to the http://adl.windows.com endpoint, which communicates update compatibility information to client computers.
Device Health helps IT pros with managing Windows 10 updates and upgrades by providing them with reports about common problems users are experiencing so they can proactively address potential issues. Microsoft added the App Reliability report to Device Health to enable IT pros to see where application updates or configuration changes might help avoid system crashes.
The default view in the App Reliability report displays the number of managed devices that have logged an application reliability event in the past 14 days.
Windows generates a reliability event when an application unexpectedly closes or stops responding. The default view also shows device and usage counts, which can help determine how extensively the users have worked with an application over the 14 days. IT pros can drill down into the report to view more detailed information about an application's behavior across the devices.