Best way to deploy updated image to devices? Windows updates or packages?

  • Question

  • Hi Team,

    I have seen on some occasions that if I patch the image during deployment using 'packages', the packages don't get installed during deployment; rather, when I log in, it reports that 40-45 updates are detected and starts installing them. My end goal is to provide a fully patched device\workstation to the end user so that he will just log in and start using the system.

    I am using Windows Update (pre-Post) during build and capture of the image and then during deployment, I have packages.

    Is this a recommended way, or is just one approach enough? If updates have already been deployed during Build and Capture, does MDT install them again if the same are included as part of packages, or skip them?

    Any pointers will be appreciated.


    Wednesday, August 21, 2013 6:15 AM

All replies

  • The Windows Update steps that are in the default MDT Task Sequence (which call ZTIWindowsUpdate.wsf) are a two-pass process that checks for updates against Microsoft Update or WSUS (if you specified WSUSServer).  The "Apply Patches" step looks at what is in the "OS Packages" area for compatible patches, and injects them into Unattend.xml so that they can be installed during start-up.

    If you are using WSUS, you probably don't need to use Packages unless there is a Package that you don't have in your WSUS and can't add (say someone else controls your WSUS).  I'm not sure I've ever used Packages since we have a WSUS server that's just for our image builds / MDT, so we load and approve whatever we need on it.

    If you deployed updates during Build / Capture (as WSUS or Package), either way, it won't get installed again.  However, if it's in Packages, it will always get downloaded and injected into Unattend.xml and will attempt to run it, so could eat processing time on that first boot.  I, personally, don't use Packages in my environment as I've not found a need to with our own WSUS server.

    Older blog by Niehaus on it, but still spot on:

    David Coulter | | @DCtheGeek

    Wednesday, August 21, 2013 2:07 PM
  • Personally I rely on Hyper-V. I build my reference image on a virtual machine. In the task sequence for the reference computer, I use the LTISuspend script to pause the sequence once Windows is at the desktop. From there I install all needed updates, etc. Then I snapshot the system and continue the sequence. From time to time I load up the snapshot and grab all the new updates. Snapshot it again and continue the sequence. Then I just take the new wim file and replace the old one. I've never had any problems doing it that way. It cuts down on how much time is spent running Windows Update during the deployment to your target machines.
    Thursday, August 22, 2013 8:41 PM
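
Whichever approach from the replies is used, the question's goal (a machine that is fully patched at first login) can be checked on a freshly deployed device by asking the Windows Update Agent what it still considers missing. The script below is an added example, not part of the thread or of MDT; the function name `Get-PendingUpdate` and the exit codes are assumptions made for illustration.

```powershell
# Added example: list updates the Windows Update Agent (WUA) still reports as
# missing on this machine. Function name and exit codes are illustrative.
function Get-PendingUpdate {
    param(
        # WUA search criteria: not installed, not hidden, software updates only.
        [string]$Criteria = "IsInstalled=0 and IsHidden=0 and Type='Software'"
    )
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    # Query the machine's configured update source (WSUS by policy, otherwise
    # Windows/Microsoft Update) instead of relying on the local cache alone.
    $searcher.Online = $true
    $result = $searcher.Search($Criteria)

    foreach ($u in $result.Updates) {
        [pscustomobject]@{
            KB       = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
            Severity = if ($u.MsrcSeverity) { $u.MsrcSeverity } else { 'Unrated' }
            Title    = $u.Title
        }
    }
}

try {
    $pending = @(Get-PendingUpdate)
} catch {
    # A failed search (update source unreachable, agent error) is reported
    # separately so it is not mistaken for a clean result.
    Write-Error "Update search failed: $_"
    exit 2
}

if ($pending.Count -eq 0) {
    Write-Output 'No pending updates reported by the configured update source.'
    exit 0
}

# Show what is missing, then a count per severity, and signal failure.
$pending | Sort-Object Severity, KB | Format-Table -AutoSize
$pending | Group-Object Severity | Select-Object Name, Count | Format-Table -AutoSize
exit 1
```

Run it from an elevated prompt on a test deployment before releasing a rebuilt image; a result of exit code 1 right after imaging means the reference image or the update source approvals have fallen behind.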