locked
Unattended Installation of Windows Server 2012 wtih WSUS-Server RRS feed

  • Question

  • Hello,

    I want to deploy an unattended installation of Windows Server 2012R2 with Windows Deployment Server. In stage of Oobe I want that the installed image refers once to WSUS-Server for the newest updates. Is there a possibility to edit a XML-File or GPO?

    Monday, November 2, 2015 2:04 PM

Answers

  • not sure if it can be done at that level but these are the usual methods of doing it:

    1. inject the updates via WSUS into a reference server, then create a capture image of that server to use it for your "gold" image which will push out a patched .wim file during build. this method does have a lot of overhead for repeating the process on a monthly basis and also has the drawback of not being able to uninstall any of the patches
    2. use MDT which is a free tool that allows the server to contact WSUS during the build phase and automatically install the updates based on what WSUS makes available to your new server - this works really nice but getting MDT up and running is a bit of work upfront
    3. use a script to put in the wsus pointer info in your build's registry following the base image install and wait for a few hours for the server to contact wsus and patch itself. i used to use this for deploying VM templates but obviously it takes a while to take effect

    the issue with using wsus is that it uses a schedule unless u manually intervene so unless u use something like MDT, you will be waiting for it to patch up the server

    • Proposed as answer by Steven_Lee0510 Wednesday, December 9, 2015 2:15 PM
    • Marked as answer by Steven_Lee0510 Wednesday, December 9, 2015 3:24 PM
    Monday, November 2, 2015 5:44 PM

All replies

  • not sure if it can be done at that level but these are the usual methods of doing it:

    1. inject the updates via WSUS into a reference server, then create a capture image of that server to use it for your "gold" image which will push out a patched .wim file during build. this method does have a lot of overhead for repeating the process on a monthly basis and also has the drawback of not being able to uninstall any of the patches
    2. use MDT which is a free tool that allows the server to contact WSUS during the build phase and automatically install the updates based on what WSUS makes available to your new server - this works really nice but getting MDT up and running is a bit of work upfront
    3. use a script to put in the wsus pointer info in your build's registry following the base image install and wait for a few hours for the server to contact wsus and patch itself. i used to use this for deploying VM templates but obviously it takes a while to take effect

    the issue with using wsus is that it uses a schedule unless u manually intervene so unless u use something like MDT, you will be waiting for it to patch up the server

    • Proposed as answer by Steven_Lee0510 Wednesday, December 9, 2015 2:15 PM
    • Marked as answer by Steven_Lee0510 Wednesday, December 9, 2015 3:24 PM
    Monday, November 2, 2015 5:44 PM
  • Thanks for your rapid reply. I will try this steps and then I can write about that.
    Tuesday, November 3, 2015 7:53 AM