Worklet: Automatic OS Upgrade to Windows 10 1909

Hi Ya’ll

Big Shoutout and thanks to @rich for getting the information needed in order for this script to work successfully!

This is a one-click automatic upgrade without needing to pre-deploy the 1909 .iso image to your devices. This Worklet will automatically build out the download link for 1909 based on your OS’s architecture, download the .iso image to you local system, mount the .iso to a disk drive, and then automatically run the download setup all silently without any user interaction. It will remove the iso after the installation completes.

The Evaluation and Remediation code for the Worklet is as follows:

Evaluation:

$iso = ‘C:\programdata\amagent\Windows1909OSUpgrade.iso’

if ((Test-Path $iso) -eq $true)
    {Remove-Item $iso
}

$osversion = (Get-Item "HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion").GetValue('ReleaseID')

if (($osversion -lt "1909")) 
	{exit 1
		}
else 
	{exit 0
		}

Remediation:

$lang = "English"
$locID = "en-US"
$verID = "Windows10ISO"
$skuID = "9029"
$prodID = "1429"
$archID = "IsoX64" 

## variables you might not want to change (unless msft changes their schema)
$pgeIDs = @("a8f8f489-4c7f-463a-9ca6-5cff94d8d041", "cfa9e580-a81e-4a4b-a846-7b21bf4e2e5b")
$actIDs = @("getskuinformationbyproductedition", "GetProductDownloadLinksBySku")
$hstParam = "www.microsoft.com"
$segParam = "software-download"
$sdvParam = "2"

## used to spoof a non-windows web request
$userAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18362" 

## used to maintain session in subsequent requests
$sessionID = [GUID]::NewGuid()

## builds session request url
$uri = "https://www.microsoft.com/" + $locID + "/api/controls/contentinclude/html"
$uri += "?pageId=" + $pgeIDs[0]
$uri += "&host=" + $hstParam
$uri += "&segments=" + $segParam + "," + $verID
$uri += "&query="
$uri += "&action=" + $actIDs[0]
$uri += "&sessionId=" + $sessionID
$uri += "&productEditionId=" + $prodID
$uri += "&sdvParam=" + $sdvParam

## requests user session
Invoke-WebRequest -UserAgent $userAgent -WebSession $session $uri -ErrorAction:Stop -Method:Post -Headers $headers -UseBasicParsing | Out-Null

## builds link request url
$uri = "https://www.microsoft.com/" + $locID + "/api/controls/contentinclude/html"
$uri += "?pageId=" + $pgeIDs[1]
$uri += "&host=" + $hstParam
$uri += "&segments=" + $segParam + "," + $verID
$uri += "&query="
$uri += "&action=" + $actIDs[1]
$uri += "&sessionId=" + $sessionID
$uri += "&skuId=" + $skuID
$uri += "&lang=" + $lang
$uri += "&sdvParam=" + $sdvParam

## requests link data
$response = Invoke-WebRequest -UserAgent $userAgent -WebSession $session $uri  -ErrorAction:Stop -Method:Post -Headers $headers -UseBasicParsing

## parses response data
$objs = $response.Links
$objs | Foreach-Object {$_.href = ($_.href).Replace('amp;','')}
$linky = $objs | Select-Object -Property href | Sort-Object -Property href 
$link = $linky | Select-Object -ExpandProperty href 

## Determine correct link for OS Architecture 
$osarch = (Get-WmiObject Win32_OperatingSystem).OSArchitecture
If ($osarch -eq "64-bit") {
    $dllink = $link | Where-Object {$_ -match 'x64.iso'} 
} elseif ($osarch -eq "32-bit") {
    $dllink = $link | Where-Object {$_ -match 'x32.iso'} 
}

Write-Output $dllink

Try {
    (new-object System.Net.WebClient).DownloadFile("$dllink", "C:\programdata\amagent\Windows1909OSUpgrade.iso") |
    Out-file C:\Windows\Temp\output.csv -Append
} Catch {
    Write-Error ".iso linked was successfully created but download Failed. Reference c:\windows\temp\output.csv for more information or contact Automox Support"
    exit 1
}

#specify path to ISO image 
#############Change the settings in this block#######################
$isoImg = "C:\programdata\amagent\Windows1909OSUpgrade.iso"
##############################################################



Mount-DiskImage -ImagePath $isoImg
$letter = (Get-DiskImage $isoImg | Get-Volume).DriveLetter
$dos = ":" ### Unnecessary with changed line below
$drivemount = "$letter" + "$dos"
Set-Location $drivemount

# Required: The drive letter needs to be manually changed to match the value of $driverletter (ex: Y:)

# Optional: /pkey is for a device that needs a product key. Default is disable, remove "#" to enable. (ex: /pkey XXXXX-XXXXX). Not required for install

# Optional: /noreboot is enabled by default. Remove "#" to automatically reboot the device after install is complete

./setup.exe /auto upgrade /quiet #/pkey

The Evaluation code exits with a 1 if a devices OS version is less than 1909 and executes the policy at the scheduled time

Choose the setup.exe arguments you want when it performs the OS update. This is the last line of code in the Remediation block. By Default it is set to do a quiet install and automatically reboot the device to complete the upgrade.

Here is an example of the setup.exe command using the /quiet and /noreboot argument:

Copy to clipboard

.\setup.exe /auto upgrade /quiet /noreboot

That should do it! Be sure to test this on a few devices before deploy to production environment.

Let me know if there are any questions!

5 Likes

Thank you sooooo very much for publishing this worklet! :money_mouth_face: :money_mouth_face: :money_mouth_face:

2 Likes

Some enhancements have been made to the 1909 upgrade Worklet. These include the following:

  1. Automatic removal of the 1909 .iso image once upgrade has been completed
  2. Automatic drive letter assignment to image disk mount.

These enhancements are aimed to make the script fully automated without any user or admin interaction once the policy is created, and scheduled.

The code above has already been edited to reflect these enhancements.

2 Likes

to begin, dude…BRAVO :money_mouth_face: :money_mouth_face: :money_mouth_face: running a small shop with little/no help, this one worklet has saved my ass!

couple items/questions (sorry if these have been addressed elsewhere/or are appealingly nonsensical)…

  1. if you don’t mind, which lines within the remediation above automatically remove the .iso image? (or how is this auto-magically being removed?)
  2. regarding notifications :: currently, when patching has been completed, a “patches” applied notification (with summary) is emails. could something similar be done with worklets?
  3. regarding user deferred reboots :: currently, when patching has been completed, the user can be given the option to defer pending reboots. could something similar be done with worklets?

again, you are my hero for 2020!! :mechanical_arm: :mechanical_arm: :mechanical_arm:

2 Likes

@jermicide Thanks for the kind words! Glad this is helping you out in your Windows environment!

  1. The .iso removal code is actually in the evaluation code. This works because once a Worklet runs it automatically re-evaluates to ensure the Worklet was successful and is compliant for the device. So, I added the remove-item command in the first line of evaluation so it removes the .iso once the remediation finishes.

  2. You could work the logic in PS to send an email. It could run the $osversion command and if it’s on 1909, then it would send an email letting you know the upgrade was successful. If $osversion returns the same version you were on, then you know it failed and would send a failure email. You could use the same IF statement logic and instead of exiting 1 or 0, it would send the appropriate email. However, it would need to be added in addition to the current IF statement, as if you remove it, it will not evaluate the devices.

  3. No with Worklets today. I do have a reboot notification worklet in this community page that could be sent after the 1909 upgrade and you could use the /noreboot flag in the install command. This way it wont reboot after upgrading to 1909 and then the reboot notification script would run after and schedule the reboot letting users know we will be rebooting.

Hope this helps!

1 Like

Still analyzing. But I think the addition of removing the ISO when the ISO doesn’t exist is causing a failed exit code, and for the remediation to kick off. This is how I’ve updated mine

$iso = ‘C:\programdata\amagent\Windows1909OSUpgrade.iso’
IF((Test-Path $iso) -eq $true){Remove-Item $iso}

1 Like

Jack,

This is a great catch, thanks for sharing! Definitely don’t want evaluation failing since remediation is pretty heavy. I have updated the original code to include this logic.

Thanks again!

1 Like