N-able N-centralPatch Management - Handling Windows 10 Feature Updates
Thu Jan 23 22:03 GMT 2020
- If your N-able N-central Patch Management configuration isn't optimized to handle the Windows 10 Feature Updates, your customers may be surprised by unexpected reboots. This article will provide guidelines for configuring your N-able N-central Patch Management to better control when the Feature Updates can install, and therefore control when the reboots occur
- This article assumes you are familiar with N-able N-central Patch Management and how to manipulate rules, auto approvals and maintenance windows
- All Supported Versions of N-able N-central
- Agents with Windows 10 installed and using Patch Management
SolutionMaking the below changes to your Patch Management configuration will help you control when these Feature Updates install. Controlling them is important to be able to prevent your Windows 10 devices from rebooting unexpectedly either from an unexpected, but approved, install of one of the Feature Updates, or Microsoft forcing the Feature Update to devices on end-of-life versions of Windows 10.
- Remove the Upgrades and Updates categories from your Automatic Approval rules. Remember to use Run Rule Now when this, or any other change, is made to your Automatic Approval Rules
- Adjust your Patch Install Windows to remove these two classifications - this will prevent the Feature Update from installing just in case it gets approved unintentionally
- When a new Feature Update is detected or announced, turn off Patch On Boot in your patch profiles - while this is good to have turned on most of the time, when it triggers, it just installs all needed approved patches. There is no way to make it install everything but the Upgrades and Updates classifications
- Add a Patch Install maintenance window for the appropriate time for the installation
- Approve the Feature Update
You should also make sure your clients' Group Policy configuration is deferring Feature Updates, to add another layer of preventing Microsoft from forcing these onto your client devices. Microsoft can and will change how GPO should be configured to defer feature upgrades, so please refer to Microsoft Support for the current procedure.