Windows 11 Upgrade using Certero Distribution
Many Certero customers have a need to upgrade to Windows 11 where the built-in Windows Update function does not fulfil their needs. An alternative to using Windows Update is to use Certero Distribution instead, creating a package that performs the upgrade using the original installation media.
What is documented here is an example on how a Certero distribution package can be created where there is no dependency on a UNC path to host the Windows 11 installation media. Rather, a virtual directory is created on the Certero Endpoint server, making the image publicly available for download by Certero agents.
The package is composed of a single procedure that runs a PowerShell command containing all the necessary steps to download the media from the agent's active Endpoint server and use it to upgrade to Windows 11.
Note: The package and PowerShell command are provided as an example only and is a template for further enhancement by customers, e.g. adding error checking to the PowerShell command or failing over to other web servers for image download.
Making the installation media available for download
It is assumed that an organization already has a copy of the Windows 11 installation media which, in most cases, will be a volume license edition.
For those customers that do not, a multi-edition copy can be downloaded from https://www.microsoft.com/en-us/software-download/windows11 .
Any web server can be used to host the installation media, including the download link on the page above. In this example though, we will make the .iso image available for download on a Certero Endpoint server.
Depending upon each customer's environment, they may want to repeat this process for all Endpoint servers that are configured for Windows agents communication.
Creating the virtual directory
Create a folder on the Endpoint server, e.g. D:\iso
Copy the iso image to this folder (in this example we will assume the file is called win11.iso)
Open Internet Information Services (IIS) Manager
Right-click Default Web Site and select Add Virtual Directory ... from the context menu **
For the Alias , type iso
For the Physical Path , type D:\iso
Click OK
In the right-hand pane (Features view), double-click Mime Types
In the Actions menu, click Add
For the File name extension , type .iso
For the MIME type , type application/octet-stream
Click OK
** Note: Default Web Site is only used For remote Endpoint servers. For the built-in Endpoint server, there will be a dedicated website for your instance named AssetStudio_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Testing
From a computer with the Certero agent installed, open a web browser
In the address bar type https://<INSTANCE_HOSTNAME>/iso/win11.iso
The iso image should begin to download (cancel the download)
Creating the package in Certero
The package we will be creating here is self-contained and has no package source. A single procedure is used to run a PowerShell script that has been converted to a single-line command.
The PowerShell command will attempt to download the Windows 11 installation media from the Certero agent's active Endpoint server using a URL that aligns to the image hosted in the previous steps
Login to Certero
Navigate to Distribution > Packages
Click New
For the Name , type Windows 11
Click the Procedures group
Click Add New
Fill in the form as below
Property | Value |
Name | Upgrade |
Command | %WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe |
Parameters | -Command "$Endpoint = Get-ItemProperty -Path HKLM:\SOFTWARE\Certero\Client\Endpoint; DownloadURL = \"http\"; if (Endpoint.ActiveSSL -ne 0) { $DownloadURL += \"s\" }; DownloadURL += \"://($Endpoint.ActiveName)/iso/win11.iso\"; $DownloadPath = 'C:\Windows\Temp\win11.iso'; $Arguments = '/auto upgrade /eula accept /compat ignorewarning /migratedrivers all /dynamicupdate disable /copylogs %SystemDrive%\ProgramData\Temp /noreboot'; Start-BitsTransfer -Source $DownloadURL -Destination $DownloadPath; $vol = Mount-DiskImage -ImagePath $DownloadPath -PassThru | Get-DiskImage | Get-Volume; $setup = '{0}:\setup.exe' -f $vol.DriveLetter; $process = Start-Process $setup -Wait -ArgumentList $Arguments; Dismount-DiskImage -ImagePath $DownloadPath; Remove-Item $DownloadPath -Force; Start-Process 'shutdown.exe' -ArgumentList '/r /f /t 10'; exit $process.ExitCode" |
Execution Context | Run with administrative rights (device based) |
Allow User Interaction | No |
Click OK to save the new procedure
Click Save to save the new package
Additional Notes:
To help diagnose a failed upgrade, logs from Windows setup are copied to %SystemDrive%\ProgramData\Temp .
If the upgrade to Windows 11 is successful, these logs will reside in %SystemDrive%\Windows.old\ProgramData\Temp .
For more information on the options available to Windows command-line setup, see https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-command-line-options?view=windows-11 .
The previous version of Windows will be automatically deleted in 10 days. For more information, see https://support.microsoft.com/en-gb/windows/delete-your-previous-version-of-windows-f8b26680-e083-c710-b757-7567d69dbb74#:~:text=Ten days after you upgrade,can safely delete it yourself .
Customers licensed for Certero AppCentre may want to create a copy of the procedure above with Allow User Interaction set to Yes , meaning their users could perform the upgrade themselves and see progress throughout.
The PowerShell command used in the procedure is broken down below, with comments added to give explanation.