N-able N-centralPatch Management - Handling Windows 10 Feature Updates

Last Modified

Thu Jan 23 22:03 GMT 2020

Description

  • If your N-able N-central Patch Management configuration isn't optimized to handle the Windows 10 Feature Updates, your customers may be surprised by unexpected reboots. This article will provide guidelines for configuring your N-able N-central Patch Management to better control when the Feature Updates can install, and therefore control when the reboots occur
  • This article assumes you are familiar with N-able N-central Patch Management and how to manipulate rules, auto approvals and maintenance windows

Environment

  • All Supported Versions of N-able N-central
  • Agents with Windows 10 installed and using Patch Management

Solution

Making the below changes to your Patch Management configuration will help you control when these Feature Updates install. Controlling them is important to be able to prevent your Windows 10 devices from rebooting unexpectedly either from an unexpected, but approved, install of one of the Feature Updates, or Microsoft forcing the Feature Update to devices on end-of-life versions of Windows 10.
  • Remove the Upgrades and Updates categories from your Automatic Approval rules. Remember to use Run Rule Now when this, or any other change, is made to your Automatic Approval Rules
  • Adjust your Patch Install Windows to remove these two classifications - this will prevent the Feature Update from installing just in case it gets approved unintentionally
  • When a new Feature Update is detected or announced, turn off Patch On Boot in your patch profiles - while this is good to have turned on most of the time, when it triggers, it just installs all needed approved patches. There is no way to make it install everything but the Upgrades and Updates classifications
Once you are ready to have the Feature Update install, remember that it will force a reboot as soon as it is completed - this cannot be prevented by N-able N-central . Keep this in mind for setting your customers' expectations for this upgrade. Once you have determined a schedule for your client or clients:
  • Add a Patch Install maintenance window for the appropriate time for the installation
  • Approve the Feature Update
Scheduling this relatively soon compared to when the Feature Update is made available will help keep your devices ahead of the curve, and get them updated well before Microsoft starts forcing the Feature Update out to devices at a time of their choosing.

You should also make sure your clients' Group Policy configuration is deferring Feature Updates, to add another layer of preventing Microsoft from forcing these onto your client devices. Microsoft can and will change how GPO should be configured to defer feature upgrades, so please refer to Microsoft Support for the current procedure.