Last couple of weeks were really on fire for the deployment community, Microsoft has released not only the Windows 10 ADK but also the new version of MDT (MDT 2013 Update 1) that officially support the new OS. Great guys like Johan and Keith have already dissected every single bits of that new version, but a question remain… Where the hell is that upgrade task sequence ???!!….
Well, instead of waiting the next release of MDT, I have something to share that could temper every deployment geek’s impatience until next version comes out. But before going further, let’s recap what exactly is an “upgrade” !
Upgrade Scenario 101
If you’ve ever wanted to just upgrade your Windows 7/8.1 without painfully backing up all you data, and reinstall all your apps after the new OS is ready, good news : Microsoft has you covered ! The news was first announced during the last TechEd Europe with this very engaging baseline : “Upgrade scenario is now a first class citizen !!!”
So basically, an upgrade scenario allow to replace an old OS with a new one without reformatting your disk, migrating your user data or reinstalling yours applications (at least those that are compatible).
Sounds good, isn’t it ? … Maybe to good after all… for those who remember ; Upgrade scenario is “an old new thing” from the Windows 3.1 ages, and as fare as I can remember, had more failure than success… The game changer nowadays is the huge investment Microsoft has put in the technology (they’ve rolled up Windows 8.1 internally using it). So I believe it’s the right time to fire-up our lab environment, and have fun assessing what this new “citizen” have to offer….??!!!…
Implementation
As the title said this is the MDT implementation of the upgrade scenario, if you want to test it on SCCM 2012 Aaron Czechowski as already put together a Task Sequence on the config manager blog.
The TS (Task Sequence) works with MDT 2013/ADK 8.1 or MDT 2013 U1/ADK 10 and has some limitations listed here.
Also, if you wish to get all the details about this new technology plus other upcoming news around deployment, watch the following very interesting videos from TechEd :
Now that you are backed with solid knowledge, download and install this package,and place the files as explained bellow.
note : I assume that you have an already working installation of MDT with a ready made network deployment share.
Copy InPlaceUpgrade.xml to the folder:
C:\Program Files\Microsoft Deployment Toolkit\Templates
Copy all the other files to folders
C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Scripts and<Deployment Share>\Scripts
Now, if you open MDT to create a task sequence, you will notice that a new TS template is available called “Inplace Ugrpade Task Sequence”
Select it and click next.
On the next panel, select the Windows 10 Enterprise Image you’ve previously injected in MDT
Every other panels can be safely skipped.
Now that the task sequence is ready, let’s review some of the option available to tweak it :
Driver Injection
Why would you want to inject drivers, all existing drivers will migrate after all ? Yes you’re right, this option can be used to stage some hot new hardware’s that windows 10 does not yet support.
To inject drivers, you simply have to import them to MDT using the Import driver option from the Out-Of-Box Drivers container :
Once done, you only need to create a selection profile and specify witch one to inject in the task sequence step Inject Drivers :
You can even go ‘Control Freak’ by enabling the step “Assign Driver Group” just above :
Install Application
After upgrade, some Applications may be broken or you will need a compatible Windows 10 version. For this purpose, use the step Install Applications :
You can use an application bundle or copy/paste the step multiple times if you prefer one app per step. You can also select applications with the wizard panel if you choose “ Install multiple applications” (don’t forget to set the property SkipApplications to NO)
Post deployment Clean up
No matter upgrade turned good or not, some clean up task could be performed just after. You can set the property RemoveWinOldSuccess=YES/NO in the customsettings.ini if you want to delete Windows.old folder after a successful Upgrade. You can also do the same if the upgrade fail by setting up RemoveWinOldFail=YES/NO.
Note : If YES is specified in any of those properties, the rollback option in the boot menu will also be removed.
Wizard Configuration
Most of the wizard panels are useless in this scenario except for the computer’s local admin password panel which is required to automatically re-enter the session after upgrade.
Here is an example of settings you can apply if you already know the local admin password and want to skip all the panels :
TaskSequenceID=WIN10-X64-001 (Replace by your own upgrade TS ID)
SkipTaskSequence=YESSkipAdminPassword=YES
AdminPassword=Azerty!1 (Replace by you own local Admin password)SkipProductKey=YES
SkipApplications=YES
SkipBitLocker=YES
SkipSummary=YES
SkipRoles=YES
SkipUserData=YES
SkipTimeZone=YES
SkipLocaleSelection=YES
SkipPackageDisplay=YES
SkipCapture=YES
SkipDomainMembership=YES
UserID=User-DP (Replace by network account with right to connect to the deployment share)
UserPassword=P@ssw0rd (Replace with your network account password)
UserDomain=MyDomain (Replace with your Network account Domain)
How to use
here is the way to launch the upgrade task sequence :
Login to the PC you want to upgrade with the local admin account (and I really mean the local admin account, not a member of the local admin group !). this machine should be Windows 7, 8.1 or an early build of Windows 10.
connect to your network deployment share:
Open an elevated command prompt and type
Net Use Z: \\mdt-server\deploymenshare$ /user:MyDomain\admindc P@ssW0rd
Z :
Cd scripts
Cscript Litetouch.vbs
note: User account and password in the Net use commande are the one requiered to connect to the share.
Once done, MDT should launch
Panels should appears or not depending of your previous choices :
Upgrade will proceed at some point (this can take a while !!), and yes, that scary fixed progress bar is making you feel that the process has hang… but it’s not, simply be patient !
Machine Should Reboot to Apply the new OS
Application should be installed before finishing the upgrade
Upgrade done !!! You Win ! Perfect, Ah Ah Ah !!!…
Early conclusion
After some testing, I must admit that I’m very enthusiast about that new upgrade scenario, most of my tests were conduct with Windows 7, 8.1 and 10 as OS sources, with clean test machines but also with production PC. It has worked seamlessly on all “regular” configuration but failed on most advanced one (SQL Server + McAfee Encryption) . All in all this could be enough for a large majority of enterprises.Good job Microsoft, the process looks fare more robust than his XP parent and should definitely be considered as a valid scenario by IT pros.
Prepare your upgrade scenario !!
As we’ve just seen before, the technology is almost ready and working, let’s not forget about prerequisites and pitfall not linked directly to the upgrade technology but who are impacted by this new boy ! Of course, don’t take everything literally, as it’s just my two minutes refection brain dump on that matter.
From where to where ?
If Windows 8.1 to windows 10 should work relatively well, I believe that Windows 7 to Windows 10 will remain challenging. The major issue for this case is application compatibility. Using upgrade will require :
- Application testing and remediation (after all, our job has not changed yet !) with probably a fair amount of incompatible applications who will requires to be updated. So, planning an application migration project ahead of your Windows 10 migration could also be a very good idea.
- Upgrade will probably be easier to leverage with SCCM than with MDT if applications are packaged the right way (if the uninstallation part is handled correctly to be precise). Full advantages of the SCCM application model can really make the difference for that particular case.
- Migrating to IE11 will greatly level up your migration ease, so again : plan ahead !
Infrastructure changes.
At some point it needs to be said clearly : the major advantage upgrade has over other scenarios is user data preservation. The rest of the job is still the same. So don’t get fooled by the magic effect of an OS upgrade as it won’t fix your infrastructure or software problems.
- Each OS is different so you should not apply your old GPO on it, A review need to be done, some part like pre IE 10 settings doesn’t exist anymore, some other are totally new like skydrive or appstore management.
- Windows 10 will come with a tone of enhancement, some of them may feat your needs so it will probably be the right time to redefine some parts (think Intune, Office 365, ADFS, AD claims, Bitlocker network unlock, Workfolders…)
Bare metal and update are still part of the process.
Before rolling upgrade scenario as your preferred solution, remember that bare metal deployment is still needed for two mandatory concerns : Deployment for new devices and configurations that don’t support upgrade
- Your annual load of fresh PC still need an OS deployed from scratch, so the “New Computer” scenario should also be part of your deployment solution. Some of you may object that there is a new provisioning deployment scenario (with a tool called WICD) to get ride of bare metal, but I don’t think this will ever happen because this one is targeted for very different usage like BYOD (watch teched videos for more info). All in all, if the upgrade scenario can help reducing the migration pain, it doesn’t replace any of the previous one… so more works involved at the end of the day !
- Some very specific configuration won’t simply upgrade. You’ll need to handle them. So as I just said before, upgrade won’t probably exist without an associated bare metal deployment or a classic update (Backup data, wipe disk, install new OS, restore data) for all the other non working cases.
Disc encryption needs to be managed.
If you use bitlocker, the only needed requirement is to release the disk before starting the upgrade. If you use McAfee encryption or any other third party drive encryption tool, you will need to decipher it before upgrading as it simply won’t works.
It’s yours !
Now that you almost know everything about how this new toy should works, why not downloading the MDT or the SCCM task sequence and give it a try, I’m sure you’ll be very exited once you’ve seen it working.