Software Updates in a TS

  • Question

  • Our company has recently begun using OSD and right now everything works great for the most part.  I built a virtual machine, updated it with all the patches through March 2015 and used Build and Capture to create the image.  My applications and packages install without an issue.  However, the service desk started to question why there were over 100 updates available after the OS was deployed.  I realized that some of them were updates for Office, .NET and Lync.  I then realized that the updates were not installed in the base OS because those applications were not there when I built the base machine.

    Just as a side note, my updates are organized by month going back to March of 2014. So I have 2014-03 through 2015-04. The remainder are in groups that are just the years. So there is a 2015, 2014, etc. However, those are not deployed.  Additionally, we are currently required to keep desktops at IE 9 for compatibility with some of our older homegrown applications.  While that is in the process of being updated, I can't run IE 10 or 11.

    So I was curious how everyone else manages this situation (or would) as I had a hard time finding someone discussing this scenario specifically.  I did find this article on the forums and thought that since I know which updates the system needs, I can make a special update group for OSD, deploy it to the Unknown computers collection and then set up the task Install Software Updates task sequence with only mandatory updates.  Then install them on the machine and see if more show up, which would go into a new task sequence and repeat that until there are none left.  It feels like it would be a management nightmare because it would constantly have to be updated.


    Tuesday, April 28, 2015 3:38 PM

Answers

  • Use a build & capture task sequence. Install and configure the OS, install applications, install software updates using ConfigMgr. Done :-)

    Torsten Meringer | http://www.mssccmfaq.de

    • Marked as answer by Daniel JiSun Monday, May 11, 2015 7:06 AM
    Tuesday, April 28, 2015 4:09 PM
  • First, what you described above is not "Build and Capture". As the name implies, a Build and Capture task sequence does not involve you installing Windows manually on a virtual machine; the whole point of Build and Capture is to automate the image build process and then capture the automatically built system.

    As for keeping the image up to date, there are two easy answers here. First, update your image with offline servicing. This uses DISM to effectively slipstream core OS updates into the image without having to recreate or rebuild your image in any way. As noted, though, this does not handle every possible update. That's where build and capture comes in: you simply re-run your build and capture using the updated core image with the Install Software Updates task included.

    As for targeting your updates to both your build and capture as well as your deployment task sequence, yes, creating a new software update group and targeting a deployment of this group is an elegant way to handle them. Yes, you will have to update this group regularly, but that's honestly what, a 10 minute task once a month? Alternatively, you can target all of your existing update groups at the appropriate TS collections. That adds a bit of messiness in having extra deployments but it eliminates the need for the redundant update groups.

    Both methods have overhead.


    Jason | http://blog.configmgrftw.com | @jasonsandys

    Tuesday, April 28, 2015 4:11 PM
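
The offline servicing step described in the answer above, sketched with the DISM PowerShell cmdlets as an added example (not code from either poster). All paths and the image index are assumed placeholders; the list of skipped updates is what remains for the Install Software Updates step of a build and capture run.

```powershell
# Added example: offline-service a captured WIM with the DISM PowerShell module.
# Run elevated. Every path and the index below is an assumed placeholder.
$WimPath    = 'D:\Images\Base.wim'   # assumed: the captured image
$ImageIndex = 1                      # assumed: index of the OS image in the WIM
$MountDir   = 'D:\Mount'             # assumed: empty scratch folder
$UpdateDir  = 'D:\Updates'           # assumed: downloaded .msu/.cab files

Import-Module Dism
Copy-Item -Path $WimPath -Destination "$WimPath.bak" -Force   # keep a rollback copy
New-Item -ItemType Directory -Path $MountDir -Force | Out-Null
Mount-WindowsImage -ImagePath $WimPath -Index $ImageIndex -Path $MountDir | Out-Null

$applied = @()
$skipped = @()
$save    = $false
try {
    $updates = Get-ChildItem -Path $UpdateDir -Recurse -Include *.msu, *.cab
    foreach ($u in $updates) {
        try {
            Add-WindowsPackage -Path $MountDir -PackagePath $u.FullName `
                -ErrorAction Stop | Out-Null
            $applied += $u.Name
        } catch {
            # Not applicable to this image, or not serviceable offline
            # (for example, updates for applications that are not in the image).
            $skipped += [pscustomobject]@{
                Update = $u.Name
                Reason = $_.Exception.Message
            }
        }
    }
    # Packages left in a pending state finish installing on first boot.
    $pending = @(Get-WindowsPackage -Path $MountDir |
        Where-Object { $_.PackageState -like '*Pending*' })
    $save = $true
} finally {
    # Commit only if the loop completed; otherwise leave the WIM unchanged.
    if ($save) { Dismount-WindowsImage -Path $MountDir -Save | Out-Null }
    else       { Dismount-WindowsImage -Path $MountDir -Discard | Out-Null }
}

"Applied: $($applied.Count)  Pending first boot: $($pending.Count)  Skipped: $($skipped.Count)"
$skipped | Format-Table -AutoSize -Wrap
```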
