Support for Windows 10/11 feature Updates via Patch Manager

We are using Patch Manager 2024.2. When we try and deploy a Windows feature upgrade, say Windows 22 H1 to 22 H2 [Feature update to Windows 10 (business editions), version 22H2, en-us x64] or Windows 10 to Windows 11 via [Windows 11, version 23H2 x64 2024-08B].

We can easily deploy these directly from WSUS and have done so.

Now, if we deploy these from Patch Manager, what happens is as follows:

  1. We see the patch gets downloaded from WSUS
  2. The patch is then extracted and run (takes ~ 1 hr)
  3. The job returns as successful in the Patch Manager console

However, the system never actually updates to the later feature release. We have logged this with support and they tell us feature upgrades are not supported with Patch Manager!

This makes no sense to me, as it is just another patch in WSUS and all other patches work when pushed directly from Patch Manager, as ultimately the Patch Manager agent/WMI providers are just orchestrating the local Windows Update Agent, no?

Has anyone experienced this? I see no mention of this in the Patch Manager documentation as not being supported.

  • I've found that Patch Manager is only able to perform an OS upgrade properly if the feature update is via enablement package. If it's a full OS replacement, I've seen the exact same symptoms you're describing. I've gotten around this by using an elevated PowerShell and PsExec (part of the Sysinternals suite) to run the update from the command line. You'll need a text file containing the list of computers to update (one per line); set in line 1 of the below code. You'll also need to extract the contents of the ISO to a network location that the computer can access, as set in line 9.

    $computers = Get-Content C:\temp\Scripting\computers.txt   # one computer name per line
    
    foreach ($computer in $computers) {
        $Build = $null
        $Build = Invoke-Command -ComputerName $computer -ScriptBlock {(Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').CurrentBuild} -ErrorAction SilentlyContinue
        if ($null -eq $Build) { Write-Output "$computer not found" }
        elseif ([int]$Build -lt 26100) {   # CurrentBuild is a string, so compare it as a number
            Write-Output "Update $computer from $Build"
            & C:\Sysinternals\PsExec.exe -s -d \\$computer "\\SERVERNAME\SHARENAME\Windows 11\24H2\setup.exe" /auto upgrade /eula Accept /dynamicupdate disable /quiet /showoobe none   # -d: PsExec does not wait for setup to finish
        }
    }
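
Added example, not part of the thread: because the job in the question reported success without the build changing, and `PsExec -d` returns before setup finishes, a later pass over the same computer list can confirm which machines actually reached the target build. It assumes PowerShell remoting as used in the reply, the target build 26100 from the reply's comparison, and that Windows Setup keeps its in-place upgrade log under `C:\$WINDOWS.~BT\Sources\Panther`; the status names are made up for this example.

```powershell
# Added example: post-upgrade verification for the machines in the same list.
$TargetBuild = 26100   # assumption: same target build as the reply's script
$computers   = Get-Content C:\temp\Scripting\computers.txt

$results = foreach ($computer in $computers) {
    $info = Invoke-Command -ComputerName $computer -ErrorAction SilentlyContinue -ScriptBlock {
        $cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
        [pscustomobject]@{
            # CurrentBuild is stored as a string; cast so the comparison is numeric
            Build    = [int]$cv.CurrentBuild
            # Assumption: setup's working log is here while an upgrade is staged or has failed
            SetupLog = Test-Path -LiteralPath 'C:\$WINDOWS.~BT\Sources\Panther\setupact.log'
            LastBoot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
        }
    }

    if ($null -eq $info) {
        $status = 'Unreachable'
    } elseif ($info.Build -ge $TargetBuild) {
        $status = 'Upgraded'
    } elseif ($info.SetupLog) {
        $status = 'SetupLogPresent'   # in progress, awaiting reboot, or failed: read the log
    } else {
        $status = 'NotStarted'
    }

    [pscustomobject]@{
        Computer = $computer
        Build    = if ($info) { $info.Build } else { $null }
        LastBoot = if ($info) { $info.LastBoot } else { $null }
        Status   = $status
    }
}

$results | Sort-Object Status, Computer | Format-Table -AutoSize

# Surface anything that is not on the target build instead of trusting the launch result.
$behind = @($results | Where-Object { $_.Status -ne 'Upgraded' })
if ($behind.Count -gt 0) {
    Write-Warning "$($behind.Count) computer(s) are not on build $TargetBuild or later."
}
```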
