Symantec recently released this KB detailing how customers can now install features updates via patch (yay, hoping to test it very soon!).
This week a blog came out detailing how win10 feature updates present a security risk as clients can easily hit shift F10 during the upgrade process to get admin command line access (during install of these win10 feature updates, bitlocker is suspended/disabled). More info on the Microsoft shift F10 issue here & some twitter discussion.
Last night, Johan Arwidmark posted a blog about how to easily block the shift F10 option using ConfigMgr and said it would be easy to replicate with other deployment tools - simply injecting a file (DisableCMDRequest.TAG) into a WIM - but I have no idea how one would do this with the Altiris/Symantec CMS/ITMS tools.
Is it possible to block this shift F10 functionality with the Symantec products? This is a huge risk for us in a K12 environment where students like to tinker and are well aware of such easy bypasses.