
Uses WSUS to upgrade Windows 10 workstations to latest release

E C asked:
Some Windows 10 workstations on my network are still running early versions of Windows 10 (1507, 1607, 1703, etc.).

All workstations are on the active directory domain, and WSUS 2012 is managing all of the updates. If you log into one of these workstations it says updates are being managed by your organization, and it appears that updates are getting installed. But why don't these workstations get upgraded to the latest version of Windows 10 through WSUS? Is this by design? Is there an option you need to set in WSUS to tell it to install feature/version updates, not just minor/security updates?

As a test, on a few of these workstations I went to the Windows Update control panel and clicked the link to check for updates from Microsoft. This apparently allows you to override the WSUS management. When I click on that link, Windows checks for updates and sure enough it finds (and starts downloading) 'Cumulative update for Windows 10 Version 1607', 'Feature update to Windows 10 version 1803', etc. In other words, this manual process seems to be the only way they can get upgraded to the latest release of Windows 10.

I'm trying to get all Windows 10 workstations on the latest build but I want to do it through WSUS.

In WSUS I created a view called 'Windows 10 Upgrade' and selected the classifications and products in the screen shots below:

Updates are in a specific classification

Updates are for a specific product

Qlemo"Batchelor", Developer and EE Topic Advisor
CERTIFIED EXPERT
Top Expert 2015

Commented:
The definition of a view is only exactly that. You still need to accept updates to allow downloading and installation.
I've created a "W10" view with only "Windows 10", and it shows me "Feature Updates ..." for different releases (along with other W10 updates).
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
I would not recommend using WSUS for that; it lacks control. Use scripts instead that get triggered by scheduled tasks.
Using WSUS, you will have the updates performed at some point in time where it might not be convenient, and also, it circumvents vital security mechanisms like BitLocker in order to install, which is a no-go in tightly secured environments. If you need a how-to on scripted installation, I can provide that.
Qlemo"Batchelor", Developer and EE Topic Advisor
CERTIFIED EXPERT
Top Expert 2015

Commented:
I have to agree on that. We use WSUS only to see which machines require the upgrade (feature upgrades are kept unapproved for that). Upgrading then happens manually and is monitored for the result.
E C
CERTIFIED EXPERT

Author

Commented:
McKnife - good point. All of my workstations use BitLocker. I'll see how many workstations on my network need Windows 10 upgrades and see if I can handle doing them one by one, manually. Thanks everyone for your help.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Manually is not needed, you can use scripts - but that would need the machine to be inaccessible by users at that time. That's how we do it, once per year, have all the machines at hand, start them on the weekend and deploy the newest build using a scheduled task with randomization in it.
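
For the inventory step discussed above (finding which workstations are still on an old release before deciding how to upgrade them), the following is an added example, not code from any participant in this thread. It maps the Active Directory `OperatingSystemVersion` attribute to a Windows 10 release; the target release (1803), the computer names and the sample rows are assumptions constructed for illustration.

```powershell
# Added example: classify Windows 10 workstations by release from AD's
# OperatingSystemVersion attribute, which is stored as e.g. "10.0 (14393)".
$ReleaseByBuild = @{
    10240 = '1507'; 10586 = '1511'; 14393 = '1607'
    15063 = '1703'; 16299 = '1709'; 17134 = '1803'
}
$TargetBuild = 17134   # assumption: 1803 is the release being rolled out

function Get-Win10Release {
    param([string]$OperatingSystemVersion)
    if ($OperatingSystemVersion -match '^10\.0 \((\d+)\)$') {
        $build = [int]$Matches[1]
        $release = $ReleaseByBuild[$build]
        if (-not $release) { $release = 'unknown' }   # build not in the table above
        [pscustomobject]@{
            Build        = $build
            Release      = $release
            NeedsUpgrade = ($build -lt $TargetBuild)
        }
    } else {
        # Empty or unexpected attribute value: flag it for a manual check
        [pscustomobject]@{ Build = $null; Release = 'unparsed'; NeedsUpgrade = $null }
    }
}

# Constructed sample rows so the script runs offline. On a domain-joined
# admin workstation with the ActiveDirectory module, replace them with:
#   Get-ADComputer -Filter "OperatingSystem -like 'Windows 10*'" -Properties OperatingSystemVersion
$computers = @(
    [pscustomobject]@{ Name = 'WS-001'; OperatingSystemVersion = '10.0 (10240)' }
    [pscustomobject]@{ Name = 'WS-002'; OperatingSystemVersion = '10.0 (14393)' }
    [pscustomobject]@{ Name = 'WS-003'; OperatingSystemVersion = '10.0 (17134)' }
    [pscustomobject]@{ Name = 'WS-004'; OperatingSystemVersion = '' }
)

$report = foreach ($c in $computers) {
    $r = Get-Win10Release -OperatingSystemVersion $c.OperatingSystemVersion
    [pscustomobject]@{
        Name         = $c.Name
        Build        = $r.Build
        Release      = $r.Release
        NeedsUpgrade = $r.NeedsUpgrade
    }
}

# Everything that is not confirmed to be on the target build, oldest first
$report | Where-Object { $_.NeedsUpgrade -ne $false } | Sort-Object Build, Name
```

Machines whose attribute is empty or unparsable are listed rather than dropped, since an unknown build is exactly the case that needs checking by hand.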
