In a previous post you used PowerShell scripts to quickly install System Center Configuration Manager (Current Branch) version 1702. As of today (2017/7/29) System Center Configuration Manager (Current Branch) version 1702 is still the current baseline for the Current Branch releases. This post will focus on upgrading from one baseline version to the new release.
Making sense of the different releases
There are two main branches (of Configuration Manager) available Current Branch and Technical Preview:
- System Center Configuration Manager (Current Branch)
- System Center Configuration Manager (Technical Preview)
System Center Configuration Manager (Current Branch) is designed for use in production environments, for managing anything from small to very large Enterprises, whereas System Center Configuration Manager (Technical Preview) is for lab testing environments only and is limited to 10 clients.
The Technical Preview releases are released monthly, and contain the latest and greatest features being trialed in the product, and usually these new features are the result of feedback from uservoice. Current Branch releases on the other hand are released only a few times per year and contain stable, tested features that are mature enough to release into production environments.
Note: You cannot upgrade from a Current Branch to Technical Preview or vice versa, they are two distinct different branches.
Microsoft have released the latest Current Branch offering known as System Center Configuration Manager (Current Branch) version 1706 so it’s time to upgrade again. This release offers many new features, some of which are listed below.
Windows 10 and Office 365
- Manage Microsoft Surface driver updates – You can now use Configuration Manager to manage Microsoft Surface driver updates.
- Windows Analytics Commercial ID and Windows telemetry levels – You can now specify the Windows Analytics Commercial ID and configure telemetry, commercial data, and Internet Explorer data collection settings in Client Settings for use with Upgrade Readiness.
- Improved user experience for Office 365 updates – Improvements have been made to leverage the Office Click-to-Run user experience when a client installs an Office 365 update. This includes pop-up and in-app notifications, and a countdown experience.
Windows 10 Security
- SecureBoot and TPM inventory data – Hardware inventory can now determine whether the device has SecureBoot enabled and various properties of the TPM (enabled by default).
- Windows Defender Device Guard – You can now include trust for specific files and folder paths in Device Guard policies.
- Azure AD-enabled Cloud Management – You can now onboard the site to Azure AD via Cloud Services. Additionally, you can install the client on the Internet.
- Windows Update for Business enhancements – There is a new dedicated experience to configure and deploy deferral settings for easy discoverability.
- Cloud services consolidation – There is now common experience for OMS Connector, Upgrade Readiness, Windows Store for Business, and Cloud Management.
- Reload boot images with latest WinPE version – During the “Update Distribution Points” wizard on a boot image, you can now reload the version of Windows PE in the selected boot image.
- Boundary Group improvements – Boundary groups now support configuring the time for fallback for software update points.
- Configuration Manager Update Reset Tool – We have added new tool to reset and restart in-console updates when they have problems downloading or replicating.
- Accessibility – Screen reader improvements and improved keyboard navigation in and out of the ribbon in the Configuration Manager console.
Configuration Manager connected with Microsoft Intune
- Entrust as certificate authority for PFX Certificates – Entrust can now be used as the certificate authority for PFX certificates.
- Additional Android for Work features – You can now configure app configuration policies for Android for Work and support for available apps.
- Additional Compliance Policy settings – We added additional compliance policy settings that were previously available only in Intune standalone.
- Enrollment restriction conditions – Admin can now prevent enrollment for iOS or Android devices marked as personal.
- Cisco IPSec VPN support for iOS – Cisco IPsec will be a new connection type option for VPN profiles for iOS.
- Windows Edition Upgrade policy – This policy allows admins to set a policy to upgrade Windows 10 to Enterprise editions.
- Additional MAM settings – We added new settings such as block screen capture (Android only), disable contact sync, and disable printing.
- Windows configuration settings – We added new Windows configuration item settings that were previously only available in Intune standalone.
- Create and run PowerShell scripts – You can now create and run scripts with parameters to devices and collections.
- Task Sequence improvements – You can now easily toggle when the task sequence progress is or is not displayed to the end user, on a granular step-by-step basis. Additionally, groups in the task sequence editor can be collapsed or expanded.
- Share an application from Software Center – You can copy a direct link to an application in Software Center using the new Share button in the Application Details view.
Upgrading to 1706
Note: Before updating, please review the following checklist to verify you are ready for the update.
When new Current Branch releases are made public, you have the choice of getting it immediately using a fast ring PowerShell script, or to wait a couple of weeks after which it is made available to the slow ring (and then show up in the ConfigMgr console).
To use the fast ring PowerShell script, download it, and run it to self-extract to C:\FastRingScript_1706. Once extracted, start an administrative PowerShell cmd prompt in that folder and from there use the following command (where CM01 is the <SiteServer_Name | SiteServer_IP> of your CAS or standalone Primary site server).
read the rest of this blog post @ windows-noob.com here.