Windows 10 IoT Enterprise 安全补丁部署指南 2020 年 10 月修订版

admin管理员组

文章数量:1532357

2024年7月30日发(作者：)

Windows 10 IoT Enterprise Security Patches

Deployment Guide

Notes, cautions, and warnings

NOTE: A NOTE indicates important information that helps you make better use of your product.

CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid

the problem.

WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

© 2020 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other

trademarks may be trademarks of their respective owners.

Chapter 1: 4

4

Chapter 2: Deploying security patches for Windows 10 5

Download KBs for Windows 10 IoT from Microsoft 5

Install the MSU or EXE package using Wyse 5

Install the OSComponentCleanup add-on using Wyse 6

Install the DotNetCompilation add-on using Wyse 7

7

Silent 8

Contents3

1

Introduction

Microsoft offers important, recommended, and optional updates. The updates provide significant benefits, such as improved

security and reliability.

This document is intended for downloading applicable security patches and validating for thin clients running the following

operating systems:

●Windows 10 IoT Enterprise LTSB version 1607

●Windows 10 IoT Enterprise LTSC version 1809

You must directly download the security patches from .

For more information about how to download KBs from Microsoft Update Catalog, see Download KBs for Windows 10 IoT

Enterprise from Microsoft Update Catalog.

This guide provides information about creating and deploying a Microsoft update stand-alone package (.msu package) or an

executable file (.exe package) by using Wyse Management Suite.

Topics:

•Support matrix

Support matrix

Table 1. Supported platforms

Operating system

Windows 10 IoT Enterprise LTSB build 1607

Windows 10 IoT Enterprise LTSC build 1809

Supported platforms

●Wyse 5070 Thin Client

●Wyse 5470 Thin Client

●Wyse 5470 All-in-One Thin Client

Table 2. Management server details

Management server

Wyse Management Suite

Version

1.2 and later versions

4Introduction

2

Deploying security patches for Windows 10

IoT Enterprise

Topics:

•

•

•

•

•

•

Download KBs for Windows 10 IoT from Microsoft Update Catalog

Install the MSU or EXE package using Wyse Management Suite

Install the OSComponentCleanup add-on using Wyse Management Suite

Install the DotNetCompilation add-on using Wyse Management Suite

Important notes

Silent installation parameters

Download KBs for Windows 10 IoT from Microsoft

Update Catalog

This section describes the steps to download KBs from the Microsoft Update Catalog site.

to .

the search box, type the search terms. For example, Windows 10 1507 or Windows 10 1607.

Search or press Enter.

Last Updated to sort the KBs from newest to oldest.

and download the following KBs based on your build number (1507 or 1607).

●Update for Windows 10 for x64-based systems

●Security Updates for Adobe flash player for Windows 10 for x64-based systems

●Cumulative Updates for Windows 10 for x64-based systems

NOTE:

○Ensure that you review the prerequisites for the cumulative updates at .

○When you download the latest KB file for cumulative updates, the previous KBs are replaced. To view the

previous KBs related to cumulative updates, click the latest KB for cumulative updates, and then click the

Package Details tab.

you download the KB files, rename the files by removing the extra characters from the MSU file. For example, rename

the file windows10.0-kb4346087-v3-x86_ to windows10.0-kb4346087-

.

NOTE: You must unblock the downloaded content to access the files.

Install the MSU or EXE package using Wyse

Management Suite

You can install the add-on using Wyse Management Suite.

the downloaded file (raw installer) to the Wyse Management Suite server repository.

For example, copy the downloaded file to SharerepositorythinClientApps.

in to Wyse Management Suite.

Portal Administration, and then click File Repository under Console Settings.

Deploying security patches for Windows 10 IoT Enterprise5

the Local Repository check box.

Sync Files.

Wait for the synchronization process to complete. The synchronization process copies the package from the repository to

Apps and Data.

Apps and Data.

The Apps and Data page is displayed.

the copied package in the applications list.

create a group in the Wyse Management Suite server, click Groups & Configs.

The Groups & Configs page is displayed.

the Plus sign (+) button and enter the required details to register your client in the same group.

Apps and Data.

The Apps and Data page is displayed.

Thin Clients under App Policies.

Add Policy to add the policy to the required group.

NOTE: If you use the .exe file downloaded from the Microsoft Update Catalog site, the silent parameter is /quiet/

norestart. The default silent parameters are considered when you use the .msu file.

13.

Update the required fields, and click Save.

Yes to deploy the policy immediately.

the App Policy job, update the description.

Run > Immediately.

Preview and then click Schedule.

The lock screen is enabled when you push the package from Wyse Management Suite.

For more information, see the Dell Wyse Management Suite Administrator’s Guide at .

Install the OSComponentCleanup add-on using Wyse

Management Suite

Follow these steps to install the OSComponentCleanup add-on using Wyse Management Suite:

to .

Product Support, enter the Service Tag of your thin client, and then click Submit.

NOTE: If you do not have Service Tag, manually browse for your thin client model.

Drivers and Downloads.

the Operating system drop-down menu, select the appropriate operating system.

down the page and download the respective .msi file.

the downloaded .msi file to the Wyse Management Suite server repository.

For example, copy the downloaded file to C:WMSLocalReporepositorythinClientApps.

in to Wyse Management Suite.

Portal Administration, and then click File Repository under Console Settings.

the Local Repository check box.

Sync Files.

Wait for the synchronization process to complete. The synchronization process copies the package from the repository to

Apps and Data.

Apps and Data.

The Apps and Data page is displayed.

the copied package in the applications list.

create a group in the Wyse Management Suite server, click Groups & Configs.

The Groups & Configs page is displayed.

the Plus sign (+) button and enter the required details to register your client in the same group.

Apps and Data.

6Deploying security patches for Windows 10 IoT Enterprise

The Apps and Data page is displayed.

Thin Clients under App Policies.

Add Policy to add the policy to the required group.

NOTE: Specify the install parameter as /qn.

the required fields, and then click Save.

An Alert window is displayed.

Yes.

NOTE: The lock screen is displayed during the package installation process on all the thin clients.

Install the DotNetCompilation add-on using Wyse

Management Suite

to .

Product Support, enter the Service Tag of your thin client, and then click Submit.

NOTE: If you do not have Service Tag, manually browse for your thin client model.

Drivers and Downloads.

the Operating system drop-down menu, select the appropriate operating system.

down the page and download the respective .msi file.

the downloaded .msi file to the Wyse Management Suite server repository.

For example, copy the downloaded file to C:WMSLocalReporepositorythinClientApps.

in to Wyse Management Suite.

Portal Administration, and then click File Repository under Console Settings.

the Local Repository check box.

Sync Files.

Wait for the synchronization process to complete. The synchronization process copies the package from the repository to

Apps and Data.

Apps and Data.

The Apps and Data page is displayed.

the copied package in the applications list.

create a group in the Wyse Management Suite server, click Groups & Configs.

The Groups & Configs page is displayed.

the Plus sign (+) button and enter the required details to register your client in the same group.

Apps and Data.

The Apps and Data page is displayed.

Thin Clients under App Policies.

Add Policy to add the policy to the required group.

NOTE: Specify the install parameter as --silent.

the required fields, and then click Save.

An Alert window is displayed.

Yes.

NOTE: The lock screen is displayed during the package installation process on all the thin clients.

Important notes

● add-on:

Deploying security patches for Windows 10 IoT Enterprise7

○The OSComponentCleanup add-on increases free space by optimizing the disk space on thin clients with 32 GB or a

higher disk configuration.

○When you install the OSComponentCleanup add-on for the first time, it may take 1-3 hours to finish the component

clean-up. However, it may take 30-60 minutes to complete the component clean-up process when you again install the

add-on.

○You must schedule the OSComponentCleanup activity as a maintenance task to clear all the overridden operating

system components that are accumulated during the installation of Microsoft security updates.

○The silent installation parameter is /qn.

NOTE: You can download the add-on from .

●DotNetCompilation_WIE10 add-on:

○This DotNetCompilation_WIE10 add-on is required to compile DotNet KB files and delete the software distribution

downloaded folder.

○The silent installation parameter is --silent.

NOTE: You can download the DotNetCompilation_WIE10 add-on from .

Silent installation parameters

Table 3. Silent installation parameters

Add-on

DotNetCompilation_

QFE's in .exe format downloaded from Microsoft

Parameter

--silent

/qn

/quiet /norestart

8Deploying security patches for Windows 10 IoT Enterprise

本文标签： 部署指南