Updating Windows 10 image files with Microsoft Endpoint Configuration Manager (MECM)
The Microsoft Endpoint Configuration Manager (MECM), is a Microsoft Systems Manager that allows administrators to manage both the deployment and security of devices and applications across an enterprise. MECM authorizes end users access without compromising security. One of the lesser-known but quite useful tools of MECM is the Schedule Update feature on image files. This feature allows an administrator to install operating system updates on image files within MECM.
Why would an administrator need this feature?
While an administrator could use Microsoft Windows Deployment Image Servicing and Management (DISM) to install operating system updates on an image, an administrator could ‘crack” the image and run operating system updates, then recapture the image. The less time administering updates for the image means that more secure PC images can be produced quicker. For example: In the time it would take an administrator to have half of the image loaded, via DISM, the Scheduled Update feature would be finished updating the image. While these processes have their place, these are not the best tools for the job. The bottom line is that these processes are not as efficient as the Schedule Update feature.
Please note that the time Scheduled Updates take is also dependent on the number of updates that are chosen to be installed. The more updates chosen, the longer the Scheduled Update will take. It is suggested that the administrator creates copies of an image file before updating, as the update may adversely affect the image.
How does an administrator use this tool?
Before getting started, there are pre-requisites to enable this tool. First, the MECM server will need to install the Software Update Point (SUP) role and the Windows Server Update Services (WSUS), will require to be enabled. The SUP interacts with the WSUS to configure the software update settings and requests synchronization of software updates metadata. In addition, software updates will need to be configured and downloaded. Configuring these pre-requisites is not in the scope of this article.
How to navigate within MECM
|Once the pre-requisites are set, the administrator would navigate within MECM to: Software Library > Overview > Operating Systems > Operating System Images|
|Select the Windows 10 image file needing OS updates.
Right-click image and select Schedule Updates.
|This will bring up the Schedule Updates Wizard window.
It will take several minutes to populate with the applicable downloaded updates for the image.
|Once the window has populated, a filter can be applied to specify what build updates the administrator wants to install.
The example being used is a 21H2 build. “21H2” is entered in the search area. The check box Select or Unselect all software updates in this list can be checked or unchecked based on your needs.
Note: Updates can be deselected at any point. Once satisfied with selections click on Next.
|The administrator will then set the schedule. In this example, the defaults are used. The following checkboxes are important to realize checked as default.
Continue on error and Update Distribution Points with the image. If Continue on error is checked the administrator will not be able to address any errors if these occur. If Update Distribution Points with the image is unchecked once updates are done the administrator will need to manually run through the process of updating the image.
Please note: In this example, these updates have already been run on a duplicate image file.
The summary window will appear to inform the administrator of the choices made until this point.
|By selecting next, the update will either run and show progress or will be run when the administrator scheduled.|
At C2, we have assisted many customers with their MECM deployments and are here to help you too! Get started today and contact an MECM specialist at C2.