In 2016 we began the process of moving from Windows 7 to Windows 10 1511 learning a ton along the way. After 1607 went Current Branch for Business (CBB) we began planning for that upgrade phase, and what lies below is a overview of that process.
Initial Smoke Test
Once 1607 went CBB we very quickly threw an upgrade Task Sequence together to see what the upgrade process looked like and what, if anything, broke. The upgrade process went smoothly, the vast majority of applications worked but there were a handful of things that needed to be worked out
- Remote Server Administration Tools (RSAT) was no longer present
- Citrix Single Sign-On was broken
- A bunch of Universal Windows Platform (UWP) or Modern Applications we didn’t want were back
- Default File Associations had reverted
- The Windows default wall paper had returned
- User Experience Virtualization (UE-V/UX-V) wasn’t working.
- Taskbar pinnings were incorrect; Specifically Edge and the Windows Store had returned
Still, everything seemed very doable so we had high hopes for getting it out there quickly.
Approach: Servicing vs Task Sequence
Wanting to get our feet wet with Windows as as Service (WaaS), we explored leveraging Servicing Plans to get everyone on to 1607 but quickly ran into a show stopper: How were we going to fix all of the 1607 upgrade ‘issues’ if we went down this path?
We couldn’t find an appealing solution for this, so we went ahead with the Task Sequence based upgrade approach. This gave us greater flexibility because not only could we fix all the upgrade issues but also do a little housekeeping, like install new applications, upgrade existing applications, remove retired applications and more. This was far simpler and more elegant than setting up a bunch of deployments for the various tasks we wanted to accomplish either before the upgrade or after.
Avoiding Resume Updating/Generating Events
One concern with Servicing was ensuring the upgrade wasn’t heavy handed, forcing a machine to either upgrade mid-day because they were beyond the deadline or during the night because they left their machine on. This was because the upgrade would bounce their machine which could potentially result in lost work, something most people find undesirable. With Servicing, we couldn’t come up with a sure-fire way to check for and block the upgrade if, say instances of work applications were detected, such as the Office suite, Acrobat and so on.
Sure, we could increase the auto-save frequency – perhaps setting it to 1 minute – and craft a technical solution to programmatically save files in the Office Suite, safe Drafts and try to do some magic to save PDF’s and so on. But at the end of the day, we couldn’t account for every situation: we would never know if the person wanted to create a new file vs a new version or simply overwrite the existing one. And most importantly, we didn’t want to have to answer why a bunch of Partners lost work product as a result of the upgrade.
So, we decided to go the Task Sequence route.
Task Sequence Based Upgrade
Now that we knew which way we need to go, it was just a matter of building the fixes to remediate the upgrade issues then setup the Task Sequence.
- Remote Server Administration Tools (RSAT) – Prior to performing the OS upgrade, a script is executed to detect RSAT, and if present, a Boolean variable which is referenced after the upgrade is complete to triggers re-installation of RSAT.
- Citrix Single Sign-On – This is a known issue – see CTX216312 for more details.
- Universal Windows Platform (UWP) applications – Re-run our in-house script to remove the applications.
- Default File Associations
- Option 1: Prior to performing the OS upgrade, export HKCR and HKCU\Software\Classes then import post upgrade.
- Option 2: Re-apply the defaults via dism from our ‘master’ file.
- Wallpaper – Re-apply in the Task Sequence by taking advantage of the img0 trick.
- UE-V/UX-V – The upgrade process broke the individual components of the UE-V Scheduled Tasks requiring a rebuild. Once fixed on a machine we copied the good/fixed files from C:\Windows\System32\Tasks\Microsoft\UE-V and setup the Task Sequence:
- Enable UE-V during the upgrade via PowerShell
- Copied the fixed files into C:\Windows\System32\Tasks\Microsoft\UE-V
- Updated the command line the Scheduled Task ran
- Disabled the ‘Synchronize Settings at Logoff‘ Scheduled Task since that was still buggy, causing clients to hang on log off.
- Taskbar Pinnings – Prior to performing the OS upgrade, export HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Taskband then import post upgrade.
- Critical Process Detection – CustomSettings.ini calls a user exit script that loops through a series of key executables (outlook.exe, winword.exe etc.) running tasklist to see if a process is detected and if so sets a Task Sequence variable that’s later evaluated.
Since we were going the Task Sequence route, and it would be generally available in Software Center, it was decided a password prompt might help prevent accidental foot shooting. So shortly after the Task Sequence launches an HTA driven password prompt is displayed that only IT should be able to successfully navigate. This added yet another line of defense for anyone who ‘accidentally’ launched the Task Sequence;
Even though one has to click through two prompts to confirm the installation but whatever. 🙂