Windows 10 Update Readiness [ The Old Fashioned Way ] - Part One

Updated: Apr 14, 2020


Sometimes you may be working in an environment where telemetry and update readiness are a challenge. As the saying goes, “necessity is the mother of innovation”, and if you’re an MECM (SCCM) shop, you have many tools readily available at your disposal. I will dedicate several posts to this topic. Today I will go over Configuration Baselines and Configuration Items, and how we can leverage them to build collections for Windows feature update readiness.

Refresher: A Configuration Baseline (CB) is a collection of one or more conditional checks called Configuration Items (CIs). The CB evaluates these configuration items on a defined schedule to provide feedback on compliance. Click here to learn more about compliance settings.

In today's post we will use three different categories of checks: application version, whether a config file is present and is the correct version, and whether there is enough disk space. Note: you may have other types of checks, but this should cover enough to give you an idea of how to start building out your compliance settings for W10 readiness.

NOTE: This post assumes you have prior knowledge of compliance settings in SCCM. To learn more, please see the link above.


As stated above, the Configuration Baseline will be leveraged to gather feedback based on certain criteria to help determine which machines are eligible for the new Windows 10 update. In our example we will be using 1909 as the new version of W10. Collections will be created based on the compliance feedback given by the Configuration Baseline. The baseline will have three Configuration Items (checks):

  • Check for the latest McAfee endpoint products for compatibility with the latest deployed version of Windows 10. [ Application Check ]

  • Check whether the machine has the SetupConfig.ini config file present and that it is the latest correct version. [ Specific File Check ]

  • Check hard drive space on the local disk (at least 25GB free). [ Hardware Check ]

 

We'll start with the Application Check. We will be using McAfee's endpoint products as an example. I like this example for several reasons. Firstly, with almost every new feature update of Windows 10, most (not all) McAfee endpoints have to be updated for the new version of Windows. McAfee keeps a KB article handy and updated with this info: Click Here. Secondly, because McAfee's ePO server (their centralized management system) randomly updates the endpoints, your check will have to make sure that all the endpoints have the proper versions at the same time.


For the example's sake, we will assume your environment has the following McAfee endpoints:


  • DLP

  • HIPS

  • Agent

  • Policy Agent
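
One way to write the Application Check as a script-based CI discovery script, so that all four endpoints are evaluated together and a partially updated machine is reported as not ready. This is an added example, not code from the original post; the DisplayName patterns and minimum versions are placeholders to be replaced with the names used in your environment and the versions from McAfee's compatibility KB.

```powershell
# Discovery script for a script-based Configuration Item (added example).
# Emits "Compliant" only when every listed product is installed at or above
# its minimum version; otherwise emits the reasons for non-compliance.

# ASSUMPTIONS: the Pattern and MinVersion values are placeholders. Match the
# patterns to the DisplayName shown in Programs and Features, and take the
# minimum versions for your target Windows 10 release from McAfee's KB.
$required = @(
    @{ Name = 'DLP';          Pattern = '*McAfee*DLP*';            MinVersion = [version]'0.0.0.0' }
    @{ Name = 'HIPS';         Pattern = '*McAfee*Host Intrusion*'; MinVersion = [version]'0.0.0.0' }
    @{ Name = 'Agent';        Pattern = '*McAfee Agent*';          MinVersion = [version]'0.0.0.0' }
    @{ Name = 'Policy Agent'; Pattern = '*McAfee*Policy*';         MinVersion = [version]'0.0.0.0' }
)

# Installed software is registered under both the 64-bit and 32-bit hives.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and $_.DisplayVersion })

$failures = foreach ($req in $required) {
    $matches_ = @($installed | Where-Object { $_.DisplayName -like $req.Pattern })

    # Keep only versions that parse; an unreadable version counts as a failure.
    $versions = foreach ($app in $matches_) {
        $parsed = $null
        if ([version]::TryParse([string]$app.DisplayVersion, [ref]$parsed)) { $parsed }
    }
    $best = $versions | Sort-Object -Descending | Select-Object -First 1

    if (-not $best) {
        "$($req.Name): not installed or version unreadable"
    }
    elseif ($best -lt $req.MinVersion) {
        "$($req.Name): $best is below $($req.MinVersion)"
    }
}

# A single string is returned so the CI compliance rule can test for equality.
if ($failures) { 'Non-Compliant: ' + ($failures -join '; ') } else { 'Compliant' }
```

Pair the script with a String-type compliance rule that requires the returned value to equal `Compliant`; the reasons appended to a non-compliant result then show which product is holding the machine back.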


Before creating the Configuration Baseline, we will create the CIs that will be part of the CB. I will demonstrate how to create a CI once, and how to add it to a CB. Use the demonstration as a guide to create the rest of the CIs needed.


  • In the console, navigate to the following: Assets and Compliance > Compliance Settings > Configuration Items. Right-click and select "Create Configuration Item".




  • In the "Create Configuration Item Wizard", select the following options:









