none
process for slip-streaming updates into install.wim RRS feed

  • Question

  • Hello, 

    I have recently become familiar with the process of slip-streaming updates into my install.wim's (below are the rough steps I use). I am curious what others do for this in terms or process, how often, and how do you validate your wim's to know what you've just slip-streamed into them hasn't broken anything? I've run into some weird issues and slip-streaming seems somewhat unreliable to do again and again on an install.wim. Correct me if I'm wrong, curious how to do it right. 

    Thanks! 

    1. run WSUSOffline to download updates to c:\apps\wsusoffline\client\w63-x64\glb
    2. dism /mount-wim /wimfile:c:\installwims\2012r2\install.wim /mountdir:c:\dismmount /index:3
    3. dism /image:C:\dismmount /Add-Package /PackagePath:c:\apps\wsusoffline\client\w63-x64\glb
    4. dism /unmount-wim /mountdir:c:\dismmount /commit

    For those wondering what weird issues I've seen...

    1. Running dism with a capital C:\ in the /PackagePath seems to cause problems for .msu's.
    2. Specific to Server 2012r2, slip-streaming the WSUSOffline downloaded windows8.1-kb3042058-x64_a0b664a36f9be300675d74bfa92ba6a84b0e5e81.cab fails. However, when I manually download the windows8.1-kb3172614-x64.msu and expand the respective cab Windows8.1-KB3042058-x64.cab it will slip-stream just fine. However, on a deployed OS it still reports in WSUS as missing kb3042058 in addition to causing WUSA security update reports to fail. 

    Monday, March 27, 2017 4:34 AM

Answers

All replies

  • Slip streaming isn't a good solution since some updates supersede others and some are required to be installed in a specific order, etc.

    Build your reference image in a VM and capture it with all the latest updates installed using Windows update - http://deploymentresearch.com/Research/Post/540/Building-a-Windows-10-v1607-reference-image-using-MDT


    If this post is helpful please vote it as Helpful or click Mark for answer.

    • Marked as answer by Joey Piccola Tuesday, March 28, 2017 4:50 PM
    Monday, March 27, 2017 9:23 PM
  • I agree with Dan.  I used to have to do it this way with some really complex one-off images.

    Now I keep those images in a VM, with a snapshot prior to capture.  I can revert to this snapshot and make changes or run Windows Update whenever needed, and then just capture a new WIM.

    -Matt


    There's no place like 127.0.0.1

    Monday, March 27, 2017 10:12 PM
  • Dan, 

    Thanks for the reply. The images I'd be building would be for varying bare metal deployments (HP, Dell, etc). That said, I'd like to keep it as generic as possible. Can I get away with this process if I simply spin up a VM to do updates only (and maybe install WMF5)? The point being, I don't want to do my customizations in my reference image (no drivers, no applications), just updates. 

    Thanks, 

    Joey


    Monday, March 27, 2017 10:27 PM
  • That's actually the way you're supposed to build images if you want them to be flexible (hardware independent). No drivers, few apps or none and have the latest updates included.

    Use the first link for building images, use this link for how to manage drivers during deployment. http://deploymentresearch.com/Research/Post/325/MDT-2013-Lite-Touch-Driver-Management

    Just like Matt, I always add a suspend task to my reference image. Once it builds and gets to the suspend part you make a snapshot. Then a few months later you can roll back to the snapshot, run windows update until all updates are installed, shutdown the VM and make another snapshot. Boot up and continue to task sequence so that it captures a new image with the latest updates.


    If this post is helpful please vote it as Helpful or click Mark for answer.

    Tuesday, March 28, 2017 1:22 PM
  • Dan & Matt, 

    After some time, I finally 1) understood what you were describing and 2) have it working. Pretty slick. Thanks guys!!!!

    -Joey

    Thursday, March 30, 2017 5:24 AM
  • I'm running into issue.  I basically do the same thing.  I 1)download the updates 2)Mount the .WIM file 3)run DISM add-Package (says successful) 4) unmount and commit .  But, when I apply updated .wim file to a machine and run "Windows Updates" it does not see the updates are there.  Note:  If I run DISM Get-Package against the new .WIM the packages are listed.  Any ideas?  Thanks!
    Friday, March 22, 2019 6:46 PM
  • Your quoted process is pretty much what we do.  Out patch source is a bit different, I will first build a test image and then let our management tool, Altiris, inventory the PC and stage the patches.  I then capture the .MSU files and drop them in a folder.

    Every year or so I will run a cleanup round to get rid of superseded patches and trim down the files.

    Monday, March 25, 2019 1:13 PM
  • You can always add the patches in your deployment share. Just download them from the MS update catalog, add them under Packages and each time you image a machine MDT will install those patches. No need to create new images from a VM that way. Then each month just remove the old updates and add the new ones.
    Tuesday, March 26, 2019 7:03 PM
  • tbrand00,

    updates that are installed inside the image via offline servicing are not listed there but under "Programs and Features > Installed Updates". Only updates that actually came through Windows Update/WSUS are listed under wuapp.exe/Windows Update Settings page.

    Thursday, March 28, 2019 3:32 PM