So I have a base Win 10 image we deploy using SCCM to new systems. This was a clean install setup as a base using Microsoft's suggested practice of customizing using Audit Mode. I've been using this successfully (using Windows PS ISE to do Windows updates to the base image in Audit Mode).

Now comes "upgrade" 1511, which the PS ISE Windows Update checks and identifies as downloadable as an update. However, when it attempts to run, I receive the message "Cannot upgrade in Audit Mode".

I assume this is because 1511 is classified as an upgrade, not an update. Much has been discussed about Microsoft using this "upgrade" model, possibly 2-3 times a year, while using Patch Tuesday updates inbetween them.

This (I would think) causes quite an issue with Administrators who use a base 10 image who want to maintain the latest update without having to create a brand new image each time there is a quarterly "upgrade". Is this really how MS intends to handle this, or is there a way to upgrade the base image and still have the ability to sysprep it?

I've been down the route of registry hacks in order to sysprep an 'upgraded' version of windows (which I know upgraded systems are not sysprepable from MS standpoint) and have had some success with these hacks in 8.1. However, not of these tricks seem to work any longer with 10.

As a test, I simply logged into a copy of my base image after sysprep, did the 1511 upgrade, then attempted to sysprep again to no avail (sysprep errors with Appx, etc..which is expected and common)

Is there any MS guidance on how to keep a base image up to date with these latest "upgrades"? Or is MS stance for Enterprise Admins to simply rebuild their base images every time there's a new upgrade (3 or 4 times a year?)

If anyone has any ideas for me to try, it would be much appreciated.