Installing updates during Autopilot: Windows 11 edition, revisited

By October 24, 2023Windows AutoPilot

[ad_1]

Windows Autopilot

In my previous post about this, I was baffled by the issue I ran into: a reboot during the Autopilot process, needed after updates were installed, effectively bricked the device. But with the cause of that discovered to be something unrelated (running an MDT task sequence as a Win32 app) and fixed, it’s worth revisiting this one too.

So let’s go back through the basics:

  • You can script the installation of Windows updates using the PSWindowsUpdate PowerShell module.
  • I’ve written a relatively simple PowerShell script that uses PSWindowsUpdate to install all available updates. It has a few reboot options, but the default (and what’s in the Win32 app below) is to do a “soft” reboot by returning a 3010 return code.
  • That script gets wrapped into an Intune Win32 app, also available on GitHub. (This Win32 app will recognize the 3010 return code and perform a reboot at the end of the Autopilot machine ESP process.)
  • You can then import the UpdateOS.intunewin app package into Intune and configure it using the instructions that I published a few years ago.

And that will do it — but you probably will want to make a couple of additional tweaks:

  • Increase the time limit on the Update OS Win32 app. The default of 60 minutes may not be enough, depending on the speed of your PC and the size of updates being installed. (On my fast SSD-based VM, it takes just about an hour, so sometimes Intune marks it as failed.)
  • Increase the time limit for the Enrollment Status Page. I suspect you don’t have enough time specified to allow for an extra hour being thrown into the mix.

So yes, this Windows update process is very slow. There’s not a lot you can do about that though.

While I was making updates to the script anyway, I added some logic to opt into Microsoft Update, so the script will now install other types of available updates as well.

To see what it did, you can check the log that is created in C:ProgramDataMicrosoftUpdateOS.

Apart from the extra time added (the execution above took 45 minutes, while another attempt overnight took 65), there is one other impact: Because of the reboot during the device ESP process, the user will not automatically sign into Windows (credentials are not saved across reboots), so at the end of the Autopilot process they will be left at a logon prompt; after logging in, they’ll see the first logon animation, user ESP (if enabled), and then the desktop.



[ad_2]
Source link

Share this post via

Tags:

Leave a Reply