Updating computers encrypted with Symantec Encryption Desktop automatically to a Windows 10 feature update

book

Article ID: 175484

calendar_today

Updated On:

Products

Endpoint Encryption

Issue/Introduction

You want to automatically update (perform feature update on) your Windows 10 (1607) or later client computers encrypted with Symantec Encryption Desktop to a supported Windows 10 release without decrypting the drives.

Note

If you want to upgrade your encrypted computers to a Windows 10 release from an earlier Windows release (7, 8, 8.1, 10) manually or using the Symantec provided upgrade scripts, see the Symantec Support article at https://support.symantec.com/us/en/article.howto128174.html.

Environment

  • Windows client computers encrypted using Symantec Drive Encryption, a component of Symantec Encryption Desktop version 10.4.2 Maintenance Pack 3 (MP3)
  • Windows client computers running Windows 10 version 1607 (Anniversary Update) or later

Resolution

Overview

Starting with Windows 10, Microsoft packages new features into "feature updates" and offers them through Windows Update for Windows 10 users.

Starting with version 10.4.2 MP3, Symantec Encryption Desktop uses the Windows Setup Automation functionality and allows the Windows feature updates to automatically install and update the encrypted systems to a newer version of Windows 10 without decrypting the drives.

When installed, Symantec Encryption Desktop 10.4.2 MP3 automatically configures the SetupConfig.ini (configuration file). Later, when Windows feature updates are ready to install, the Windows setup.exe uses the parameters from the Setupconfig.ini file to install the feature updates on the encrypted computers.

For more information on Windows Setup Automation functionality, refer to the Microsoft article titled Windows Setup Automation Overview, available at https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-automation-overview.

To install Symantec Encryption Desktop 10.4.2 MP3 enabled for updating encrypted computers to a Windows feature update automatically

Note: Before you install or upgrade to Symantec Endpoint Desktop 10.4.2 MP3, ensure that the Windows updates are not being downloaded or not being installed on the client computer.

  1. Run the Symantec Encryption Desktop installer. For example, PGPDesktop_en-US.msi.
    Alternatively, you can install Symantec Encryption Desktop from command line as shown in the following example:
    msiexec /i PGPDesktop_en-US.msi /l*v installation.log
  2. Restart the computer.
  3. The following files are created automatically:
  • The SetupConfig.ini file is created at %systemdrive%\Users\Default\AppData\Local\Microsoft\Windows\WSUS\
    Note: If a SetupConfig.ini file is already available at the location, the file is reconfigured.
  • The Installation.log file is created at the current directory.

Troubleshooting tip

If the Windows feature update fails on computers encrypted with Symantec Encryption Desktop 10.4.2 MP3, administrators can do the following:

  • Manually edit the Setupconfig.ini file and create a folder to capture Windows update setup logs as shown in the following example:
    CopyLogs=C:\ProgramFiles\PGP Corporation\OS Upgrade Files\Logs
    Use the logs files to track the events related to Windows updates.
  • Clean the Software Distribution folder. Delete any updates files that are already stored in the folder.
  • Restart Windows update.

To disable Symantec Encryption Desktop 10.4.2 MP3 from automatically updating the encrypted computers to a Windows feature update

If you do not want to update your encrypted computers automatically using the Windows Setup Automation functionality, do the following:

  1. Navigate to the registry entry, HKEY_LOCAL_MACHINE\SOFTWARE\PGP Corporation\PGP.
  2. Set WINSETUPAUTOMATION to 0.
    Note: To enable, set WINSETUPAUTOMATION to 1. By default, WINSETUPAUTOMATION is set to 1.
  3. Restart the computer.