none
Patch injection question - are patches actually installed? RRS feed

  • Question

  • Hello,

    I'm trying to create a new image for Windows Server 2012 R2 Standard with all of the latest updates already injected or slipstreamed into the ISO. I found a number of different ways to do this but it all has the basic principals of using DISM to achieve it.

    The best way I found was to use a free tool called NTLite to help automate the process some. I'm running into a weird issue though where NTLite will appear to inject all of the updates into the ISO, but I have doubts as to if it truly does. 

    The reason I'm questioning it is because after it says it took the approximately 180 updates and injected them into the new .wim file, the new .wim file is only about 400 Mb bigger than the original. I did try an in place upgrade of a 2008 R2 server using the new ISO with the new .wim, and it seemed fine. While checking the view installed updates under Programs and Features it did show all of the new updates as well. Great I thought. But then when I went to scan for new updates using Microsoft's update site, it showed that I needed around 180 updates. I compared the list from the updates site and what was in View Installed Updates and they were all of the same. I continued with the installation and it went through and installed all of them fine.

    So that made me think - did it actually install the updates with the new ISO or no? Or did it just report that they were there when in reality they were not. Right after the upgrade with the new ISO, I checked the Download folder under SoftwareDistribution and that was empty. After installing the updates from the Microsoft Update site, then were of course now in that folder. 

    So my question is...how could i verify for sure that updates are really installed using my new ISO with them injected? Where could I look for a definitive answer? registry or certain folders? They have to live somewhere besides the Download folder right? I would hate to upgrade a bunch of machines and assume they have the latest updates on them, when in reality they don't. Any help pointing me to an answer would be great. Thanks! 

    Monday, June 10, 2019 1:48 AM