BIG Changes to Windows Feature Updates
By Paul Kelly
It is safe to say that anyone responsible for patch management will have had their fair share of issues with Windows Feature Updates over the years. These updates have amounted to new operating systems versions being released up to twice a year, and needless to say, could be huge in size—ranging anywhere from 3GB to 6GB. This resulted in not only long download times, but also lengthy install times—anywhere from one to two hours—that required multiple reboots to complete.
As a result of the size and complexity of these updates, IT administrators responsible for patch management, would often be forced to run them outside of normal scheduled maintenance windows. While this would minimize the disruption to the end-user, it would also increasing their own workload.
Feature Enablement Packages
However Microsoft has been working to reduce the size and impact of these updates. Now, as you are installing your normal monthly updates, Microsoft is adding features along the way within dormant files that will later be activated by a Feature Enablement Package. When you choose to install the Feature Enablement Package it works as a master switch that activates these dormant features. The difference in this new approach can be quite stunning. The Feature Enablement Package itself can be below 1MB, which means download times will be slashed from many minutes to mere seconds, install times can drop from hours to less than a minute, and the need for multiple reboots will be reduced to just one.
As you read this blog you may be sitting there and thinking, “Well that’s sorted then, it’s Feature Enablement Packages for me from now on.” However, in the words of the great American Football coach and broadcaster Lee Corso, “Not So Fast, My Friend.” Many of those responsible for managing patches—be it in an in-house IT Department or working for an MSP—use patch management applications that as yet have no way to install these Feature Enablement Packages, with some vendors only supporting it via a script.
Deploying Feature Enablement Package with N‑central and N‑sight
The good news though for those of you who use N‑able N‑central or N‑sight RMM is that with the recent release of Patch Management Engine 2.8, this streamlined approach to installing feature updates is fully supported. It’s also important to note that since not all feature updates are released using the Feature Enablement Package (Windows 11 being the most recent example), you can still use N‑central or N‑sight RMM to deploy feature updates using the original method.
If you already use N‑central or N‑sight RMM for patch management, then there are a few things to note:
- Where both the Feature Upgrade and Feature Enablement Packages are detected by a device, you may choose which version you want to approve.
- Where both versions are auto-approved the feature enablement package will be prioritized and attempted first. If successful, this removes the need for the full package.
*Please note, as of January 2023, this functionality is currently supported by the N‑sight RMM agent but not N‑central. The N‑central agent requires a further update, prior to that if both versions are approved the engine will install the larger version. - N‑central users may want to take advantage of keywords in the approval rules to target only a specific version if you auto-approve these.
- Where both versions are detected and approved, they will both be downloaded prior to or during the install window. Therefore it may be in your interest to at first try Enablement Packages if you have concerns about the performance of a specific network.
- These will still be classed as upgrades.
I checked in with Chris Dunsmore, Product Manager for Patch Management at N‑able, on why this update is key for N‑central and N‑sight RMM users. This is what he said:
“We know how important patching is to our customers, our mission is to make it easier to support all patches whilst reducing impact to the end user. This means productising the hurdles you face.
“To this effect, some of what we have added in the past 18 months is support for out of band patching, encrypted devices, Windows 11 OS upgrades, and this latest improvement to how the twice yearly major Feature Updates are installed. That means, no adhoc scripting when emergencies happen, no major downtime for end users or entire networks, and less time spent patching by your Helpdesk.
“We don’t just see this as reducing impact to your end users, it’s also about reducing money spent on your labour costs as well.”
For those of you not currently using N‑able’s N‑central or N‑sight RMM solutions, you can learn more about managing patching through N‑central or N‑sight RMM in our Head Nerd-led Patch Management boot camps. Alternatively, if you have questions about anything here, why not join me on the N-Central Office Hours. For times and dates as to when these different events will be held, check out www.n-able.com/events or reach out to me directly.
Paul Kelly is the Head Nerd at N‑able. You can follow him on Twitter at @HeadNerdPaul, LinkedIn and Reddit at u/Paul _Kelly
© N‑able Solutions ULC and N‑able Technologies Ltd. All rights reserved.
This document is provided for informational purposes only and should not be relied upon as legal advice. N‑able makes no warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information contained herein.
The N-ABLE, N-CENTRAL, and other N‑able trademarks and logos are the exclusive property of N‑able Solutions ULC and N‑able Technologies Ltd. and may be common law marks, are registered, or are pending registration with the U.S. Patent and Trademark Office and with other countries. All other trademarks mentioned herein are used for identification purposes only and are trademarks (and may be registered trademarks) of their respective companies.