SMS/SCCM, Beyond Application Deployment is a blog by Matthew Hudson covering SMS 2003, SCCM 2007, 2012 and beyond package deployment. Here you will find hints, tips, and tricks to help with managing your infrastructure. It will focus mainly on Reg files, Batch, VbScript, WMI, and possibly other methods.
Tuesday, December 31, 2019
Changing Client Side Software Update Deadlines via WMI
I have been trying to think of a way to improve Win10 feature updates for a complex company where some machines could be critical or performing long-term operations, such as simulations or remote operations that are unmanned.
Scenario:
A company with over 100,000 workstations has a worldwide operation, and you cannot know what is happening in every segment of the company. Causing an unknown or unwanted reboot on a machine could break a simulation or business process. Imagine rebooting the MRI machine when someone is 1 minute from completing the scan: all your data is gone, you reset the machine and pay the techs for more work, and the patients have to wait for the person to complete. The goal is to complete the task without doing harm to the company or business process. How do we complete the upgrades on machines that we have no visibility into, when we don't know exactly when they can be touched? Currently, patching can take 15 mins to reboot, but a feature update is still 30 mins or more depending on the age of the machine, the process used, and the previous version of Win10.
Solution:
Set the deadline in the future, possibly the month before the OS expires or the company deadline.
Then give the user the ability to select the exact date/time for the feature updates to install. This could also be extended to all updates if you grant the operation the ability to select the date/time.
If you have 1E Shopping or a similar product, you can choose the date/time of the deployment, but this doesn't exist natively in ConfigMgr.
So I broke down the Software Update policy. Understand that this is simply a proof of concept and I don't have a product wrapped around it. This is all POC and not meant to replace any current procedures.
You can look at the policies for the various Software Deployments on a machine via many methods. But I found that if you modify them they will be overwritten on the next policy cycle or software update deployment cycle. But the policy found in the "ActualConfig" doesn't overwrite and you can modify it. I couldn't find a blog with this process, that is not to say it isn't out there but I created this so I could see if it was possible.
For test purposes, in my lab, I made a deployment with the default name "Microsoft Software Updates - 2019-12-30 07:14:46 PM".
Next I listed all the Software Deployments but I needed to pull just the one I wanted. This could be named "Windows 10 Deployment" or something else unique so that your UX that is created will know what to look for on the machine.
I deployed the update several years in the future so I could prove that I could then modify the deadline.
For our purpose here we pull in "Software" since this is unique to my deployments.
Here is the code to find and change the deadline for this software update group. Understand that you would need to deploy the Win10 in a single software update group. I have not yet looked at modifying the individual update. This test failed as the date reverted after a Deployment Eval Cycle.
# AssignmentName = "Microsoft Software Updates - 2019-12-30 07:14:46 PM"
# Select only the deployment whose name contains "Software"
$Assignment = Get-WmiObject -Namespace "ROOT\ccm\Policy\Machine\ActualConfig" -Class CCM_UpdateCIAssignment -Filter "AssignmentName like '%Software%'"
$Assignment
# Use the path of that one instance, not of every assignment on the machine
$PatchPath = $Assignment.__Path
# New enforcement deadline, in the date/time format broken down below
$newRebootDeadline = @{EnforcementDeadline="20210402161400.000000+000"}
Set-WmiInstance -Path $PatchPath -Arguments $newRebootDeadline
Let's break down the date/time
20210402161400
2021/04/02/16/14/00
2021 - year
04 - 4th Month
02 - 2nd Day
16 - 4pm, 24 hour clock
14 - Minutes
00 - Seconds.
Understand that this is client local time, not UTC.
Should you change the date to a later date, nothing will change for the user. Should you make the date earlier than the previous date, then Windows will show a standard Toast Notification.
If you click on the box it will ask if you wish to install now or wait till the deadline.
How do we operationalize this? You can build an HTA that allows the user to select a date/time anywhere from the original deadline or a preset date; you don't want the user changing it to 10 years in the future.
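A sketch of the bounds check such a front end would need before writing EnforcementDeadline, so a user-selected date cannot push the update past an administrator-set cap. This is an added example, not code from the original post; the function names, the 60-minute minimum lead time and the sample dates are assumptions, and the string layout follows the value shown above.

```powershell
# Added example: all function names and limits here are hypothetical.

function ConvertTo-DeadlineString {
    param([Parameter(Mandatory)][datetime]$Deadline)
    # Same layout as the post's value: yyyyMMddHHmmss.000000+000
    # (the post treats the digits as client local time).
    $Deadline.ToString('yyyyMMddHHmmss', [cultureinfo]::InvariantCulture) + '.000000+000'
}

function ConvertFrom-DeadlineString {
    param([Parameter(Mandatory)][string]$Value)
    # Reject anything that is not the 25-character layout before parsing it.
    if ($Value -notmatch '^\d{14}\.\d{6}[+-]\d{3}$') {
        throw "Not a 25-character DMTF datetime: '$Value'"
    }
    [datetime]::ParseExact($Value.Substring(0, 14), 'yyyyMMddHHmmss', [cultureinfo]::InvariantCulture)
}

function Test-RequestedDeadline {
    param(
        [Parameter(Mandatory)][datetime]$Requested,
        [Parameter(Mandatory)][datetime]$Latest,   # admin-set cap, e.g. the deployed deadline
        [datetime]$Now = (Get-Date),
        [int]$MinLeadMinutes = 60                  # assumed minimum notice before install
    )
    if ($Requested -lt $Now.AddMinutes($MinLeadMinutes)) { return 'TooSoon' }
    if ($Requested -gt $Latest) { return 'PastCap' }
    'Ok'
}

# Constructed sample input: the cap is the deadline string from the post,
# "now" and the three user picks are made up for the demonstration.
$cap = ConvertFrom-DeadlineString '20210402161400.000000+000'
$now = [datetime]'2021-03-01 09:00'

foreach ($pick in '2021-03-20 22:30', '2031-01-01 00:00', '2021-03-01 09:10') {
    $requested = [datetime]$pick
    $verdict   = Test-RequestedDeadline -Requested $requested -Latest $cap -Now $now
    $value     = $null
    if ($verdict -eq 'Ok') { $value = ConvertTo-DeadlineString $requested }
    # Only an 'Ok' pick yields a string that would be handed to Set-WmiInstance.
    [pscustomobject]@{ Requested = $pick; Verdict = $verdict; EnforcementDeadline = $value }
}
```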
I would love to be able to have the change made in the Software Center. The problem is how to make a client setting to allow for custom deadlines and then check a check box on a software update or update group for "Allow Custom Deadlines"
Another idea is a website that would read the machine's information on the update and deadline, allow the user to select a new deadline, and then send the script to the machine to run and change the date/time of the deployment on the machine.
Understand that this is all done in a lab and not in a production environment because I don't know what, if any, harm I could be doing to the CM client or the machine. But this is an interesting question and problem to solve.