Important Note: Symantec Encryption Products no longer require using upgrade scripts and and is now fully automatic. All Windows Automatic updates can be installed automatically via Windows Updates that are pulled down.
If you are deploying Windows updates with a deployment solution, such as Altiris/IT Management Suite, these two articles will provide you the proper command to deploy Windows 10 updates on encrypted systems:
How to automatically upgrade Windows 10 systems encrypted with Symantec Endpoint Encryption 11
https://knowledge.broadcom.com/external/article/179265
How to automatically upgrade Windows 10 systems encrypted with Symantec Encryption Desktop 10.4.2
https://knowledge.broadcom.com/external/article/179262
Important Note: Symantec Encryption Products no longer require using upgrade scripts and and is now fully automatic. All Windows Automatic updates can be installed automatically via Windows Updates that are pulled down.
If you are deploying Windows updates with a deployment solution, such as Altiris/IT Management Suite, these two articles will provide you the proper command to deploy Windows 10 updates on encrypted systems:
How to automatically upgrade Windows 10 systems encrypted with Symantec Endpoint Encryption 11
https://knowledge.broadcom.com/external/article/179265
How to automatically upgrade Windows 10 systems encrypted with Symantec Encryption Desktop 10.4.2
https://knowledge.broadcom.com/external/article/179262
#################Historical Content Below#################
You can use the Symantec-provided upgrade scripts to upgrade your 32-bit and 64-bit client computers to the Microsoft Windows 10 Anniversary Update or later without decrypting and re-encrypting your drives.
The scripts support upgrades from the following Microsoft Windows operating systems:
The scripts upgrade Windows to the Windows 10 Anniversary Update or later. The Windows 10 Anniversary Update or any later version of Windows 10.x, is a full OS upgrade and not a patch release, so an in-place OS upgrade is performed.
This article also includes upgrade scripts that you may use to automatically upgrade your Windows client computers to one of the supported Microsoft Windows 10 releases without decrypting and re-encrypting the drives.
Note: As of Symantec Endpoint Encryption 11.2.1 MP1, Windows 10 feature update on Symantec Endpoint Encryption encrypted systems is supported through Windows updates. The Windows feature update can run automatically and administrators do not require to manually run the feature update. For details refer to the “Support for Windows 10 feature update through Windows updates” section in the Symantec Endpoint Encryption 11.2.1 MP1 Release Notes.
However, if you do not want to initiate the Windows in-place upgrades through Windows 10 feature, refer to the instructions in this article for performing the updates later.
Note: Beginning with the Symantec Endpoint Encryption 11.3.0 MP1 release, when you install the Symantec Endpoint Encryption client, the WINSETUPAUTOMATION option is now enabled by default. In previous releases it was disabled by default. However, if you upgrade the system to Symantec Endpoint Encryption 11.3.0 MP1, then the existing value of WINSETUPAUTOMATION is retained.
Later, if the user uninstalls the Symantec Endpoint Encryption client, or edits the registry to set WINSETUPAUTOMATION=0 and restarts the system; then the contents (reflectdriver and PostOobe keys) of the SetupConfig.ini file are automatically deleted.
For details, see the help topic: Upgrading the client with support for Windows 10 feature update through Windows updates
Update | SEE Version | Date |
Added compatibility with the following operating system:
|
11.3.0 | May 10, 2019 |
Added compatibility with the following operating systems:
|
11.2.1 | December 3, 2018 |
Added compatibility with the following operating systems:
|
11.1.3 MP1 | May 15, 2018 |
Added compatibility with the following operating systems:
|
11.1.3 MP1 | December 22, 2017 |
Added information related to Windows 10 Anniversary Update and Windows 10 Fall Creators Update (version 1709) to consolidate this article for all the upgrade scenarios related to Windows 10 Anniversary Update, Creators Update, and Fall Creators Update. | 11.1.3 MP1 | December 22, 2017 |
Ensure that you know the compatibility of your existing Symantec Endpoint Encryption version with the Windows 10 release that you want to upgrade. Also, verify that your client computer meets the hardware and software requirements. The following table list the compatibility and the minimum memory requirement for an in-place upgrade.
Windows 10 version | Compatible Windows Operating systems | Compatible SEE version | Minimum disk space required |
May 2019 Update (v1903) | Windows 7, 8, 8.1, 10, November 2015 update, Anniversary Update, Creators Update, Fall Creators Update, and April 2018 Update | 11.3.0 or later |
For 32-bit systems, 16 GB For 64-bit systems, 20 GB |
October 2018 Update (v1809) (RS5) | Windows 7, 8, 8.1, 10, November 2015 update, Anniversary Update, Creators Update, Fall Creators Update, and April 2018 Update | 11.2.1 or later | |
April 2018 Update (v1803) (RS4) | Windows 7, 8, 8.1, 10, November 2015 update, Anniversary Update, Creators Update, and Fall Creators Update | 11.1.3 MP1 or later | |
Fall Creators Update (v1709) (RS3) |
Windows 7, 8, 8.1, 10, November 2015 update, Anniversary Update, and Creators Update |
11.1.3 MP1 or later | |
Creators Update (v1703) (RS2) |
Windows 7, 8, 8.1, 10, November 2015 update, and Anniversary Update |
11.1.2 or later | |
Anniversary Update (v1607) (RS1) |
Windows 7, 8, 8.1, 10, and November 2015 update |
11.1.1 MP1 or later |
This article includes a limited number of upgrade scenarios. Administrators should consider customizing the procedures documented in this article to meet their organizations' requirements. This article also includes upgrade scripts that administrators may use to automatically upgrade client computers to a Windows 10 release without decrypting and re-encrypting the drives.
Symantec strongly recommends that administrators review and test the upgrade scripts and make necessary changes prior to deployment or upgrade. This ensures that the customized upgrade script meets the needs of that business environment, including any installed third-party applications. Testing the script also confirms that all the customizations and configuration changes work as expected. Administrators must use the process described in this article as a reference point for the in-place upgrade process.
You can upgrade your Windows client computers encrypted with Symantec Endpoint Encryption to a Windows 10 release without decrypting and re-encrypting the drives. To upgrade your client computers using in-place upgrade, you may choose one of the following methods:
To plan your deployment or upgrade, you must first complete the preparatory tasks mentioned in this section before you begin the actual upgrade process.
\\filerserver\windows10media
. To create a Windows 10 installation media (ISO), refer to the Microsoft documentation.\\filerserver\windows10media
to the drive Z, use the following command:Z:\\fileserver\windows10media
Before you perform the following steps, ensure that you have performed all the steps mentioned in the Before you begin to upgrade section.
C:\SEETemp
.C:\SEETemp
) that you created in step 1:eedDiskEncryptionDriver.sys
, eedProtectionDriver.sys
, eedCrashDumpFilter.sys
, PGPce.sys
, PGPce.sys.sig
, eedDiskEncryptionDriver.inf
, eedProtectionDriver.inf
, eedCrashDumpFilter.inf
, PGPce.inf
RegisterDESoftware.re
setupcomplete.cmd
Z:\setup.exe /reflectdrivers C:\SEETemp /postoobe C:\SEETemp\setupcomplete.cmd
/reflectdrivers
option of the Windows 10 setup.exe command during the in-place upgrade. The /reflectdrivers
option provides access to the encryption drivers during the in-place upgrade process.Caution: If your client computer is Opal/hardware-encrypted, do not use the attached upgrade scripts to upgrade. Instead, follow these steps:
The upgrade script files are compressed and attached to this article for download. You may use the upgrade script files to upgrade your 32-bit and 64-bit Symantec Endpoint Encryption client computers automatically to one of the supported Microsoft Windows 10 releases without decrypting and re-encrypting the drives. You can download the compressed archive of your choice, depending on the currently installed version of Windows and Symantec Endpoint Encryption, and the version of Windows 10 to which you want to upgrade.
Important: The following in-place upgrade steps are provided for reference only. Administrators should use this procedure as a guideline and customize the steps and the script to suit their organization's environment and requirements. Symantec strongly recommends administrators to review and test the upgrade scripts and make necessary changes prior to the upgrade. This ensures that the customized upgrade script meets the needs of the business environment, including any installed third-party applications. Testing the script also confirms that all the customizations and configuration changes work as expected.
Scenario: As an administrator, you want to perform an in-place upgrade on Windows client computers that are encrypted with Symantec Endpoint Encryption. You want to automate the in-place upgrade process without user intervention and run the upgrade process in the background using the /auto
upgrade and /quiet
switches.
Before you perform the following steps, ensure that you have performed all the steps mentioned in the Before you begin to upgrade section. If you choose to upgrade using the scripts, the steps in the Upgrading your client computers manually section are automatically performed by the upgrade script.
\\fileserver\windows10media
. Make sure that the user has read access to the folder.\\fileserver\In-place-upgrade-script
.WinRS-upgrade-SEE11.cmd
file, where is the RS version number (for example, WinRS2-upgrade-SEE11.cmd
) and update the following command to add the /auto upgrade
switch and the /quiet
switch, and then save the file.call %1\setup.exe /reflectdrivers %SEETempPath% /auto upgrade /quiet /postoobe %SEETempPath%\setupcomplete.cmd
.bat
) file which you can deploy remotely using a third-party software deployment software.eedAdminCli --enable-Autologon --count 3 --au AdminUserName -ap AdminPassword
net use Z:\\fileserver\windows10media
xcopy \\fileserver\In-place-upgrade-script C:\Symc-scripts /i /a /s /y
cd C:\Symc-scripts
WinRS-upgrade-SEE11.cmd [Folder path to the Setup.exe file in the Windows 10 Installation Media]\
WinRS2-upgrade-SEE11.cmd Z:\
Table: Windows 10 upgrade scripts for Symantec Endpoint Encryption 11.x client computers
Windows 10 version | Compatible Symantec Endpoint Encryption version | Script | Description |
Windows 10 Anniversary Update (RS1) | 11.1.1 MP1 or later |
Win7_Upgrade_SEE11.1.2.zip
|
Contains the scripts for upgrading from Windows 7 to the Windows 10 Anniversary Update. Note: This script also works while upgrading to Windows 10 RS1 or RS2. |
Win8_10_Upgrade_SEE11.1.2.zip |
Contains the scripts for upgrading from Windows 8, 8.1, or an earlier version of Windows 10 to the Windows 10 Anniversary Update. |
||
Windows 10 Creators Update (RS2) |
11.1.2 or later | Win7_Upgrade_SEE11.1.2.zip | Contains the scripts for upgrading from Windows 7 to the Windows 10 Anniversary Update or Creators Update. |
Win8_10_Upgrade_SEE11.1.2.zip | Contains the scripts for upgrading from Windows 8, 8.1, or an earlier version of Windows 10 to the Windows 10 Anniversary Update or Creators Update. | ||
Windows 10 Fall Creators Update (version 1709) (RS3) | 11.1.3 MP1 or later | Win7_Upgrade_SEE11.1.3MP1.zip | Contains the scripts for upgrading from Windows 7 to the Windows 10 Fall Creators Update (version 1709). |
Win8_10_Upgrade_SEE11.1.3MP1.zip | Contains the scripts for upgrading from Windows 8, 8.1, or an earlier version of Windows 10 to the Windows 10 Fall Creators Update (version 1709). | ||
Windows 10 April 2018 Update (version 1803) (RS4) | 11.1.3 MP1 or later | Win7_Upgrade_SEE11.1.3MP1.zip | Contains the scripts for upgrading from Windows 7 to the Windows 10 April 2018 Update (version 1803). |
Win8_10_Upgrade_SEE11.1.3MP1.zip |
Contains the scripts for upgrading from Windows 8, 8.1, or an earlier version of Windows 10 to the Windows 10 April 2018 Update (version 1803). | ||
Windows 10 October 2018 Update (v1809) (RS5) or Windows 10 May 2019 Update (v1903) |
11.2.1 or later | Win7_Upgrade_SEE11.2.1.zip |
Contains the scripts for upgrading from Windows 7 to the Windows 10 October 2018 Update (v1809) and the Windows 10 May 2019 Update (v1903). |
Win8_10_Upgrade_SEE11.2.1.zip | Contains the scripts for upgrading from Windows 8, 8.1, or an earlier version of Windows 10 to the Windows 10 October 2018 Update (v1809) and the Windows 10 May 2019 Update (v1903). |
Symantec provides an additional script that you can run after completing the upgrade to Windows 10 Anniversary Update or later, only if you face any of the issue that are described below.
The post-upgrade script automatically applies a workaround for the following issues:
To run the post-upgrade script:
Post-WinRS-upgrade-SEE11-register.bat
file to apply the workaround.Symantec provides an additional script that you can run after completing the upgrade to the Windows 10 RS3, only if you face any of the issue that are described below.
The post-upgrade script automatically applies a workaround for the following issues:
To run the post-upgrade script:
Post-WinRS3-upgrade-SEE11-register.bat
file to apply the workaround.Note: When you run the post-upgrade script, the "Windows Settings->Accounts->Sign-in options->Privacy->Use my sign in info to automatically finish setting up my device after an update or restart" setting is automatically disabled. For details to disable this setting, refer to the Microsoft article: Winlogon Automatic Restart Sign-On (ARSO).
To view the known issues specific to Windows 10 Fall Creators Update and Symantec Endpoint Encryption 11.1.3 MP1 or later, see the Symantec Support Center article, Known Issues with Windows 10 Fall Creators Update (version 1709) or later and Symantec Endpoint Encryption 11.1.3 MP1 or later.