question

kusalwalakada-1859 avatar image
0 Votes"
kusalwalakada-1859 asked ·

Windows 10 Inplace upgrade with Checkpoint FDE (Windows 10 and Configuration Manager)

Hi felllow engineers,

I am trying to implement IPU TS to update from Windows 10 1903 to 20H2.

All my computers have Check Point FDE enabled. Therefor, I have to use the use a SCCM package with Windows 10 20H2 source and run a task sequence command line option as blow;

setup.exe /auto upgrade /DynamicUpdate disable /ShowOOBE none /quiet /noreboot /compat IgnoreWarning /postrollbackcontext system /ConfigFile "%SystemDrive%\Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini"

My questions are,

Has anyone done this before ? Could you please share the process you take to upgrade with FDE ?

What is the rollback procedure if the upgrade fails. Will it automatically roll back which I don't think as I'm not using the buildin "Upgrade Operating System" TS action. Should I include additiona roll back steps. Could you please share some of your experiences.

mem-cm-general
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SimonRenMSFT-3639 avatar image
0 Votes"
SimonRenMSFT-3639 answered ·

Hi,

Thanks for posting in Microsoft MECM Q&A forum.

With version E80.71 or higher, configurations can be made to support seamless OS upgrade with FDE in-place using the SetupConfig.ini file. Here is a article for your reference:
How to upgrade to Windows 10 1607 and higher with FDE in-place
Please note: The links are not from Microsoft, just for your reference. Hope it helps. Thanks for your time.
 
Best regards,
Simon


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

kusalwalakada-1859 avatar image
0 Votes"
kusalwalakada-1859 answered ·

@SimonRenMSFT-3639
Thank you for the reply. How would I add the command (setup.exe with SetupConfig.ini) to a inplace upgrade task sequence..
As far as I know Inplace Upgrade TS has its own default command.

Or is it down via a TS package and setting the command as program?

Your assistance is much appreciated.

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RiveraJose-7335 avatar image
1 Vote"
RiveraJose-7335 answered ·

Use the standard "Upgrade operating system step" instead of a package. Add the "OSDSETUPADDITIONALUPGRADEOPTIONS" task sequence variable before the upgrade os step and point to the drivers vs the setupini file.

Example variable value: /reflectdrivers "C:\program files (x86)\checkpoint\endpoint security\full disk encryption\driver" /resizerecoverypartition disable /noreboot

Depending on which version of checkpoint you have installed you may have to enable BCD boot on the device and restart prior to the upgrade.

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

GaryBlok avatar image
0 Votes"
GaryBlok answered ·

You can use the Native Step
You don't need to use SetupConfig.ini
You can do this all in your task sequence.

This works with any 3rd Party Encryption, I've tested a couple different ones, and I know it works with CheckPoint

Here is a mockup I tossed together to show how it would work:

Using a Set TS Variable Step, set the Variable: OSDSetupAdditionalUpgradeOptions
Set it to something like this:

 /ReflectDrivers "C:\Program Files (x86)\CheckPoint\Endpoint Security\Full Disk Encryption\Driver" /ResizeRecoveryPartition Disable /DiagnosticPrompt disable /priority high /MigNEO Disable

76084-image.png

Then use a normal Upgrade Windows Step:
75919-image.png


Take a look at this page, Demo 3, it will show the SMSTS.log file how it builds the windows 10 setup command and adds the content in the OSDSetupAdditionalOptions variable. https://docs.recastsoftware.com/ConfigMgr-Docs/TaskSequence/SCCM-TaskSequence-Step-Upgrade-Operating-System.html#demo-3---upgrade-from-1809-to-1909



image.png (200.1 KiB)
image.png (333.9 KiB)
·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.