Best Practice Creating Master Image with Updates ?


  • At the time that i write this Windows 7 Sp1 has about 140 updates and so many updates take time to install. My  question is; would it be possible and acceptable to create a master image for deployment that has the updates included? I understand that can create an image from a Windows installation disk and afterwards in the Task Sequence, set up a task that can install the updates PreInstall or PostInstall. Other option would be to apply a update package to a offline image with DISM. 

    What I would like to do is to create an image to deploy. Deploy it to a Hyper-V machine. After i have deployed it, update it with updates, security patches etc, and preffered Framework 4.5 and its updates, sysprep the machine and capture it again. Use the caputured image as my master image. And work from there to set up the rest of my prefered deployment (inject drivers, create selection profiles etc.) 

    Is there a best practice for this and are there any advises against this?

    (take in mind i use only approved updated, knowing not to have problems). 

    Result i got in my lab is:       2 hours  deploy image and update afterward.
                          20 min   deploy updated master image.

    Does anybody got something on this subject?

    • Edited by ax813v51 Monday, October 21, 2013 8:19 AM
    Sunday, October 20, 2013 10:34 PM

All replies

  • This is *TOTALLY* a best practice.

    Create a deployment share for captures. Create a Task Sequence for your "master" images.

    I personally like including the "Windows Update" step to ensure that I have everything from WU. Of course, you can point off to your WSUS server instead, if you have standardized "Approved" updates. Then add any additional updates required. Like Adobe Reader, Microsoft Office, etc...

    Run in a Virtual Machine like Hyper-V.

    If your system is automated, you can re-run the Task in the VM over and over to re-generate the master images.

    Keith Garner -

    • Proposed as answer by Rahullkumar Monday, October 21, 2013 1:44 PM
    Monday, October 21, 2013 7:07 AM
  • Yes, absolutely, except you shouldn't be re-deploying the same image over and over. You should build the images fresh with MDT, add the patches and updated apps, and then capture it.

    In addition to re-sysprepping not beign supported, building fresh lets you avoid a build up of superseded patches, registry keys pointing to removed versions of apps, etcetera.

    Monday, October 21, 2013 5:17 PM
  • To add updates from your WSUS server to your reference image, you need to enable the Windows Update tasks in the task sequence you are using to deploy windows. These are nested under State Restore (in MDT 2010).

    You also need to enter the WSUS server info in customsettings.ini 


    Sysprep will not work more than 3 times before you will run into problems. Recreating your Master Image can be automated by setting up WDS and MDT. There are ways around this, but they are not "supported" by Microsoft.

    Of note, I've been using Oracle's VirtualBox to create my reference images. I've only run into very minor problems restoring them to a variety of HP laptops and desktops (mostly related to driver management on my part).

    Monday, October 21, 2013 9:11 PM