locked
Asking again about MS Updates in MDT Task Sequence... RRS feed

  • Question

  • While the cowboys and indians argue over WSUS, I have to ask about GPO policies applied during MS Updates.

    For testing, I enabled Updates in my Deploy. We have GPO in place to prevent driver updates, OS feature updates, etc.

    Do GPO MS Update policies apply the same during MDT as they do when running Windows Updates as a user from the desktop? Will our in-place GPO policies still apply if I want to pull down MS Updates during MDT as they would just in the OS as a user?

    This will have to do until they decide to move to WSUS or not.

    Thanks


    Tuesday, May 22, 2018 8:23 PM

All replies

  • If you join your machines to domain, then computer policies will apply right upon domain join overriding local settings in the process

    Cheers,
    Anton

    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".

    Tuesday, May 22, 2018 8:50 PM
  • Awesome. I had thought that might be the case. I tried it out and I saw Updates running. Then it ran again, Phase 2 I think. How many times will that one Step in the TS run (Post-App Install)? I recall in the past when teting this out that it ran and ran.....maybe 7 or 8 times.
    Tuesday, May 22, 2018 8:59 PM
  • Depends if there are still updates ro install. Usually you will not see more than 2 passes when building Windows 10 images. I believe the max number of runs is 8, but I would need to check the code to verify.

    Cheers,
    Anton

    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".

    Tuesday, May 22, 2018 9:01 PM
  • I think I'm going to skip this whole MDT MS Updates thing. Our AD group just recently allowed our local admin account to even get updates in the open OU. Now, when I run it through MDT, sometimes it does 2 passes with about 8 updates, another time it will do 6 passes and pull down things related to Office 2013 which we don't use.
    I don't want to have to figure out why it gets 8 updates one time and 16+ another.

    Someone else just tried the updates through MDT and it eventually failed saying it hit the limit, 8 times, to get updates.

    Wednesday, May 23, 2018 6:11 PM
  • What could be causing Updates to run 8 times and then error out, maxing out the times it's run?
    My plain OS does 2 passes. My Standard Software image pretty much runs to the max every time.
    ZTIWindowsUpdate has run and failed too many times. Count = 8.

    My Standard OS image completes successfully. I'm about to just tell people to run it manually and be done with that.

    Wednesday, May 23, 2018 8:06 PM
  • I found a "fix" for this but I don't get what it really is doing.....

    I have 3 cmd's running in my TS which now allows Windows Updates.

    The first  stops the update service
    The second deletes the c:\windows\softwaredistribution folder
    The third starts the update service

    What I don't understand is that mounting the image in DISM, I don't see that folder.
    I guess it only appears in a running OS? I intended on deleting it in my WIM and pushing that out
    but I have MDT doing it in my TS. It's fine, but I don't understand the process of why it fixes what it does
    when I can't see the folder as a mounted WIM.

    Friday, May 25, 2018 5:27 PM