none
MDT 2013 capture image and windows updates RRS feed

  • Question

  • Hello,

    I am trying to capture an image .wim using MDT 2013 and get all windows updates and then import the .wim into SCCM 2012 R2 SP1 for later deployment. WSUS is installed as well. My question is: How can I get the Windows Updates in the MDT capture process? I have tried deploying windows updates to the "unknown computers" collection but the updates log says there are no updates available and none get installed. I have read in some forums that I might need to enable automatic approval in WSUS but I have also read that you are not supposed to configure anything in WSUS and use SCCM for configuration.

    Please help.

    Wednesday, July 8, 2015 7:55 PM

Answers

  • Personally when using MDT for build and capture I use a separate private MDT server with no ConfigMgr integration. Since you have private WSUS I would probably not specify the WSUS server in customsettings.ini.  The issue will be updates that you specifically don't want although you and use ExcludeKB001=SomeKBNumber etc.

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.


    Thursday, July 9, 2015 12:05 AM
    Moderator

All replies

  • Are you using your private WSUS or the public Windows Update?

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Wednesday, July 8, 2015 10:49 PM
    Moderator
  • We have SCCM R2 SP1 with MDT 2013 integrated, yes: along with WSUS internal
    Wednesday, July 8, 2015 10:51 PM
  • So, I have it somewhat working but still question it...I approved an update in WSUS and now it is showing up as a downloadable update. My concern is if I approve all WSUS updates they will start deploying to my domain computers. Does anyone know for sure or do I need to setup an additional WSUS server for my MDT captures?
    Wednesday, July 8, 2015 11:37 PM
  • Personally when using MDT for build and capture I use a separate private MDT server with no ConfigMgr integration. Since you have private WSUS I would probably not specify the WSUS server in customsettings.ini.  The issue will be updates that you specifically don't want although you and use ExcludeKB001=SomeKBNumber etc.

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.


    Thursday, July 9, 2015 12:05 AM
    Moderator
  • I know this topic hasn't been replied to in a while, but just wanted to mention what I have done.

    My MDT server has two shares. One for Reference Image building, the other for Production.
    I use a Hyper-V VM to build the reference image.

    The WSUS server only has definition updates applied to the All Computers group, the clients and servers are placed in separate groups.

    I started a Reference Image setup without allowing it to Capture the image.
    Instead, I logged in to it (local, reference isn't domain joined) and edited the local policy to set the WSUS server settings.
    Then, I did a "wuauclt /resetauthorization /detectnow" (/detectnow may not be needed, but I always include it) to make the VM known in WSUS. And in the WSUS console I added it to the Clients group.

    Because of the entries for the WSUS server in the customsettings.ini, and using the Task Sequence, my Reference Image will now pull in all the updates that apply to it.

    The only issue now remains that after the sysprep, the imaging part takes out all the updates again...

    Friday, September 25, 2015 12:00 PM