In our environment, Windows 10 feature updates weren’t appearing in the list of available patches. Here’s a solution that doesn’t require downloading an ISO file.
There is a registry setting to target a specific feature update. Once we set that registry setting, the feature update became available as a regular patch and we could manage it easily with Automox.
This script checks if the machine is running Windows 10, and if so it sets the TargetReleaseVersion
and TargetReleaseVersionInfo
registry values to match the update you specify. To modify the script for your preferred Windows 10 version, just edit the $targetFeatureUpdateVersion
variable in the evaluation and remediation scripts. Use the version numbers as listed on the Windows 10 release information page.
Evaluation:
<#
.SYNOPSIS
Checks if the registry is set to upgrade Windows 10 to a specific version.
.DESCRIPTION
Checks if the computer is running Windows 10 and if the TargetReleaseVersion and
TargetReleaseVersionInfo registry keys are set in this location:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
Exits with 1 (non-compliant) if the computer is running Windows 10 and the keys are missing,
otherwise exits with 0.
.NOTES
The Automox agent is 32-bit, so we use a script block to run commands in a 64-bit
PowerShell process. This is the easiest way to access the 64-bit registry.
#>
$scriptblock = {
# Use the version number as listed at https://aka.ms/ReleaseInformationPage
#####
$targetFeatureUpdateVersion = "20H2"
#####
$windowsVersion = (Get-WmiObject win32_operatingsystem).Caption
if (-not $windowsVersion.Contains("Windows 10")) {
return 0
}
$wuKeys = Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
if ($wuKeys.TargetReleaseVersion -ne 1 -or $wuKeys.TargetReleaseVersionInfo -ne $targetFeatureUpdateVersion) {
return 1
}
else {
return 0
}
}
$exitCode = & "$env:SystemRoot\sysnative\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -NonInteractive -Command $scriptblock
exit $exitCode
Remediation:
<#
.SYNOPSIS
Sets the registry to upgrade Windows 10 to a specific version.
.DESCRIPTION
Sets the TargetReleaseVersion and TargetReleaseVersionInfo registry keys in this location:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
.NOTES
The Automox agent is 32-bit, so we use a script block to run commands in a 64-bit
PowerShell process. This is the easiest way to access the 64-bit registry.
#>
$scriptblock = {
# Use the version number as listed at https://aka.ms/ReleaseInformationPage
#####
$targetFeatureUpdateVersion = "20H2"
#####
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name TargetReleaseVersion -Value 1 -Type DWord
Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -Name TargetReleaseVersionInfo -Value $targetFeatureUpdateVersion -Type String
}
& "$env:SystemRoot\sysnative\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -NonInteractive -Command $scriptblock
exit 0