Software Management Group

 View Only

Deploying Win10 Feature Updates Via Software Portal 

Nov 26, 2018 03:01 PM

If you haven't heard, Microsoft is actively working towards getting win10 feature update install times down.  More info here on that.

I am hopeful we'll be able to use patch to push out feature update in the future after the 1809 release, but at this time, that is not possible (we cannot take a machine down on a user for 30+ minutes unexpectedly while updates install).

To get through this transition period, I thought I'd write up how to use the software portal to install feature updates.  The software portal has improved in recent updates.  The agent and managed policies could be used, but I don't find them to be very user friendly.

1. Download the necessary ISO file for the feature update, for example Windows 10 Education or Windows 10 Enterprise.  
2. Using 7zip, extract ISO to a folder like below.  

3. In ITMS 8.1, it's required to compress to one folder to upload.  I used 7zip after windows had error compressing it, see screenshot for settings I used to creat

4. In the Symantec Management Console, go to Manage > Software Catalog and select import & add file and browse to your .zip file. You will get a message "Your file selection contains archived content. Do you want to extract it?" - select yes. This process takes a few minutes.

5. The extracted files and folders should be directly under the package folder root.  Setup.exe should be bolded.  Select Next.

6. The next screen will prompt you to create a new software resource.  Make sure the box is checked to open software resource for editing when finished.  Click OK.

7. Under Properties tab, rename name to something more descriptive if you didn't earlier.  I used "Microsoft Windows 10 EDU x64 1809."  I also uploaded display icon that will be used later that I got from here.

8. Under the Package tab, select the Command line and click Edit (pencil icon).  I used tihs command line per the Symantec article linked in resources below.  Click OK.
"setup.exe" /Auto:Upgrade /showoobe none /DynamicUpdate Disable /Copylogs %SystemDrive%\ProgramData\temp

9. Under command lines, select add command.  Name new command "cache installer" and set command line to following
CMD /c "exit"

10. Click Ok and OK to save the software resource. 

11. The first step is to cache the installer files on the workstation.  Navigate to Manage - policies and create a new managed software delivery.  Select Add, software, and use top right filter box to easily find the software resource you named in step 7.  Select OK.

Note: Caching the installer will decrease the amount of time the user or technician is sitting around waiting after clicking install as the files will already be there.  This step could be skipped if you don't mind waiting for installer to download from CMS.  Alternatively, support said you can also cache installs via managed policy using compliance checks, but I've never done this.

12.  In top right, for command line, select cache installer.  In advanced options, you may want to select something under "delete package from client computer if unused for X time" if disk space is a concern.  On the Run tab, you may want to select "allow user to interact with installing software, display window hidden" as well.

13.  Rename policy to something appropriate, I used "Windows 10 1809 cache upgrade" and set scope to your test computer(s).  For schedule, I set it to a time most of our computers should be on, select no repeat, and also select "allow user to turn on policy from the Symantec Management Agent."  This allows installer to download, or technician can force download it for some reason if it's not done, but it won't keep repeating the download.  You may want to select start time of 00:00 which should start the download immediately as soon as computers check in.  Select save changes.  Test on test computer to verify the files copy down (check C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery\ for folders created today).

14. You can then offer the install to users via the software portal.  Perhaps you want all users to be able to install it, or just an AD group of technicians.  Don't forget you can scope the target as well (perhaps target for you will be "All Win10 Not 1809").  Below is an example of the portal offering the upgrade but just to an AD group called desktop technicians, and only on one test computer Target I previously set up.  The software is pre approved in our environment because it will only ever be scoped to computers that need it.

15.  If you don't already use software portal, you may want to check Settings - all settings - software - software portal settings - software portal settings and select the new enhanced user interface and/or customize the header/logo.  Also, under Settings - agents - Software - Software Management - Software portal plugin policy that you will want to configure for your users so they can access the portal easily via the agent.  For initial testing, perhaps just scope the plugin to your test computers.

Here is what software portal looks like to users.  The banner and logo can be customized in the settings mentioned above.  Even though the software is pre approved, user would click "submit request".

After clicking submit request, user gets this prompt


After getting that prompt, it takes 5 minutes for the actual install to begin even if the files are already cached on the machine.  I am hopeful this 5 minute delay is minimized in 8.5+.

Reference links:
Using patch to install feature updates: 

Upgrading Win10 using Software Management Solution

0 Favorited
0 Files

Tags and Keywords


Jan 10, 2019 09:43 AM

@jessek - yes I learned that at the Chicago event, but there was some issue to which I am not awake enough yet to remember what.. but it does work, and i have to revisit it soon...

Jan 08, 2019 01:46 PM

Here's some software portal improvements i'd like to see, feel free to vote up if interested

Software Portal - please make software install immediately

Software portal - don't require users to set up account

Jan 08, 2019 01:25 PM

The portal can use policies, as well. Each Managed Software Delivery policy has a Software Publishing tab. When you publish the policy, and a user requests it, their machine is added to a target used by that policy. Pretty much everything we publish in our portal is utilizing policies instead tasks.

Dec 06, 2018 07:21 AM

WOW!!!! really nice writeup....

we do not use the SW Portal at this time as the Portal utilizes "Tasks" which you can't report on like you can SWD via Policy and they also purge to which we keep all of our aex_swd_execution table in tact...


very interesting on the cache part... another way to "cache" via policy is to take what you have there and setup an swd policy and target your machines you wish to upgrade. under schedule, give it a time or whatever you choose and then click advanced. In there under Start/End dates set a date in the way future like 2035...

when client machines check in, they will start to cache in preparation for 2035.. hah...


I dont use the software catalog so that whole zip it up first caught me off guard... very interesting...


Thanks again!


Related Entries and Links

No Related Resource entered.