Update Servers/Microsoft Exchange/Upgrading Considerations.md
@ -19,14 +19,14 @@ It's recommended to reboot the server after making this change to be triple-sure
|
|||||||
!!! note "Security Policy Only Required on Exchange Server"
|
!!! note "Security Policy Only Required on Exchange Server"
|
||||||
While the `Enterprise Admins`, `Schema Admins`, and `Organization Management` security group memberships are required on a domain-wide level, the security policy membership for "Manage Auditing and Security Logs" mentioned above is only required on the Exchange Server itself. You can create a group policy that only targets the Exchange Server to add this, or you can make your user a domain-wide member of "Manage Auditing and Security Logs" (Optional). If no existing policies are in-place affecting the Exchange server, you can just use `secpol.msc` to manually add your user to this security policy for the duration of the upgrade/update (or leave it there for future updates).
|
While the `Enterprise Admins`, `Schema Admins`, and `Organization Management` security group memberships are required on a domain-wide level, the security policy membership for "Manage Auditing and Security Logs" mentioned above is only required on the Exchange Server itself. You can create a group policy that only targets the Exchange Server to add this, or you can make your user a domain-wide member of "Manage Auditing and Security Logs" (Optional). If no existing policies are in-place affecting the Exchange server, you can just use `secpol.msc` to manually add your user to this security policy for the duration of the upgrade/update (or leave it there for future updates).
|
||||||
|
|
||||||
## `SeSecurityPrivilege` Operational Context
|
## Running Exchange Updater within `SeSecurityPrivilege` Operational Context
|
||||||
At this point, you would technically be ready to invoke `setup.exe` on the Cumulative Update ISO image to launch the upgrade process, but we are going to go the extra mile to manually "Enable" the `SeSecurityPrivilege` within a Powershell session, then use that same session to invoke the `setup.exe` so the updater runs within that context. This is not really necessary, but something I added as a "hail mary" to make the upgrade successful.
|
At this point, you would technically be ready to invoke `setup.exe` on the Cumulative Update ISO image to launch the upgrade process, but we are going to go the extra mile to manually "Enable" the `SeSecurityPrivilege` within a Powershell session, then use that same session to invoke the `setup.exe` so the updater runs within that context. This is not really necessary, but something I added as a "hail mary" to make the upgrade successful.
|
||||||
|
|
||||||
### Open Powershell ISE (As Administrator)
|
### Open Powershell ISE (As Administrator)
|
||||||
The first thing we are going to do, is open the Powershell ISE so we can copy/paste the following powershell script, this script will explicitely enable `SeSecurityPrivilege` for anyone who holds that privilege within the powershell session.
|
The first thing we are going to do, is open the Powershell ISE so we can copy/paste the following powershell script, this script will explicitely enable `SeSecurityPrivilege` for anyone who holds that privilege within the powershell session.
|
||||||
|
|
||||||
```powershell title="SeSecurityPrivilege Enablement Script"
|
```powershell title="SeSecurityPrivilege Enablement Script"
|
||||||
# Create a privilege adjustment
|
# Create a Privilege Adjustment
|
||||||
$definition = @"
|
$definition = @"
|
||||||
using System;
|
using System;
|
||||||
using System.Runtime.InteropServices;
|
using System.Runtime.InteropServices;
|
||||||
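Review bot: The note paragraph carried as context in this hunk tells the reader they can make their user a domain-wide member of "Manage Auditing and Security Logs" or "leave it there for future updates", which works against least privilege: that right (`SeSecurityPrivilege`) lets the holder view and clear the Security event log. Suggest steering readers to the Exchange-server-only assignment and to removing the user once the upgrade finishes. Separately, the renamed heading "Running Exchange Updater within `SeSecurityPrivilege` Operational Context" will likely change the generated anchor, so any links to the old heading should be checked. The unchanged sentence under "Open Powershell ISE" still has the typo "explicitely" and a comma splice ("...powershell script, this script will...") that could be fixed while this section is being touched.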
@ -82,11 +82,27 @@ Add-Type -TypeDefinition $definition
|
|||||||
At this point, we now have a powershell session operating with the `SeSecurityPrivilege` privilege enabled. We want to confirm this by running the following commands:
|
At this point, we now have a powershell session operating with the `SeSecurityPrivilege` privilege enabled. We want to confirm this by running the following commands:
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
whoami # Output Similar to "bunny-lab\nicole.rappe"
|
whoami # (1)
|
||||||
whoami /priv # See the below table to validate the privilege is enabled
|
whoami /priv # (2)
|
||||||
```
|
```
|
||||||
|
|
||||||
|
1. Output will appear similar to "bunny-lab\nicole.rappe", prefixing the username of the person running the command with the domain they belong to.
|
||||||
|
2. Reference the privilege table seen below to validate the output of this command matches what you see below.
|
||||||
|
|
||||||
| **Privilege Name** | **Description** | **State** |
|
| **Privilege Name** | **Description** | **State** |
|
||||||
| :--- | :--- | :--- |
|
| :--- | :--- | :--- |
|
||||||
| `SeSecurityPrivilege` | Manage auditing and security log | Enabled |
|
| `SeSecurityPrivilege` | Manage auditing and security log | Enabled |
|
||||||
|
|
||||||
|
### Execute `setup.exe`
|
||||||
|
Finally, at the last stage, we mount the ISO file for the Cumulative Update ISO (e.g. 6.6GB ISO image), and using this powershell session we made above, we navigate to the drive it is running on, and invoke setup.exe, causing it to run under the `SeSecurityPrivilege` operational state.
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
D: # (1)
|
||||||
|
.\Setup.EXE # (2)
|
||||||
|
```
|
||||||
|
|
||||||
|
1. Replace this drive letter with whatever letter was assigned when you mounted the ISO image for the Exchange Updater.
|
||||||
|
2. This launches the Exchange updater application. Be patient and give it time to launch. At this point, you should be good to proceed with the update.
|
||||||
|
|
||||||
|
!!! success "Ready to Proceed with Updating Exchange"
|
||||||
|
At this point, after doing the three sections above, you should be safe to do the upgrade/update of Microsoft Exchange Server. The installer will run its own readiness checks for other aspects such as IIS Rewrite Modules and will give you a link to download / upgrade it separately, then giving you the option to "**Retry**" after installing the module for the installer to re-check and proceed.
|
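Review bot: Annotation (2) on `whoami /priv` does not say what a failing result looks like, and the table it points to shows only the one row while the command lists every privilege the token holds. Suggest rewording it to tell the reader to find the `SeSecurityPrivilege` row and check its State column: "Disabled" means the enablement script did not take effect in this session, and a missing row means the "Manage Auditing and Security Logs" policy membership has not been applied to this logon. The current wording ("seen below ... what you see below") is also redundant. In the new "Execute `setup.exe`" section, the prose says `setup.exe` while the code block runs `.\Setup.EXE`; pick one casing. "The drive it is running on" would read more clearly as the drive letter the ISO was mounted to, matching annotation (1).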