Patching XP images is a common topic of discussion with many of my customers. When deploying XP, should they continuously update their “master” image every time a new patch is released, or should they deploy the image without every patch and wait for the machines to be updated automatically via SMS or WSUS?
One of my favourite features of Vista is the ability to patch images offline. This will hopefully mean that the “patching discussion” will be short from now on!!
BDD 2007 leverages this functionality and will patch a Vista client directly after an image is deployed in the Windows PE phase of the deployment. This means that you have a fully patched client when Vista launches for the first time.
Unfortunately, for this process to work you will need to update the script that performs the patching process, “ztipatches.wsf”. This is due to a feature that was intended to prevent the addition of the same language pack multiple times.
To fix the problem simply find the following block of code and comment out the line “fLangCanContinue = FALSE”.
    fLangCanContinue = TRUE
    If not oExistingLang is nothing then
        If oExistingLang.Length > 0 then
            fLangCanContinue = FALSE
It is also important to know that patches must be converted into a CAB file format before they can be imported into BDD. To do this you simply use the expand command as shown below and then import the expanded CAB file.
    Expand patch.msu -F:*.CAB c:\temp
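An added example, not from the original post: a PowerShell script that runs the expand step above over a folder of .msu files, leaves out WSUSSCAN.cab (scan metadata that an .msu normally carries beside the update CAB), and records a SHA-256 for each CAB to import. The folder paths and the manifest file name are assumptions, and Get-FileHash needs PowerShell 4.0 or later.

```powershell
# Added example: batch-extract update payload CABs from .msu packages.
# $MsuDir and $OutDir are assumed paths; adjust them for your build server.
param(
    [string]$MsuDir = 'C:\Patches\msu',
    [string]$OutDir = 'C:\Patches\cab'
)

$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$results = foreach ($msu in Get-ChildItem -Path $MsuDir -Filter '*.msu') {
    # Extract each package into its own scratch folder so same-named files
    # from different updates (such as WSUSSCAN.cab) cannot overwrite each other.
    $scratch = Join-Path $OutDir $msu.BaseName
    New-Item -ItemType Directory -Path $scratch -Force | Out-Null

    & expand.exe $msu.FullName '-F:*.cab' $scratch | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "expand failed for $($msu.Name) (exit code $LASTEXITCODE)"
        continue
    }

    # WSUSSCAN.cab holds scan metadata, not the update itself; skip it.
    $payload = Get-ChildItem -Path $scratch -Filter '*.cab' |
        Where-Object { $_.Name -ne 'WSUSSCAN.cab' }
    if (-not $payload) {
        Write-Warning "no payload CAB found in $($msu.Name)"
        continue
    }

    foreach ($cab in $payload) {
        # Record a SHA-256 so the CAB imported into BDD can be re-verified later.
        [pscustomobject]@{
            Source = $msu.Name
            Cab    = $cab.FullName
            SHA256 = (Get-FileHash -Path $cab.FullName -Algorithm SHA256).Hash
        }
    }
}

if ($results) {
    # Manifest file name is an assumption; keep it with the imported CABs.
    $results | Export-Csv -Path (Join-Path $OutDir 'cab-manifest.csv') -NoTypeInformation
    $results | Format-Table -AutoSize
}
```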
Hopefully with these two tips you will be well on the way to a secure, fully patched Vista environment.
UPDATE - 16th June 2007: The issues detailed in this blog have now been fixed by BDD patch 1. You will find further details here.
NOTE: This process is for Vista only, NOT XP.... sorry.
Unfortunately I am missing something here... On page 176 of the Vista Resource Kit book, it states that I should: Download the security updates from the Microsoft websites and install them as a part of the image-build process. You mention above that I have to edit the “ztipatches.wsf”, then expand the patches. When I try to download the patches, of course it opens my control panel.
Hi Tim, You no longer need to edit the ztipatches.wsf script. Please see the update referenced above for more information. If you are not sure where to download the patches then the following blog by Aaron Tiensivu is a good starting point: http://blog.tiensivu.com/aaron/archives/1123-Updated-list-of-Vista-pre-SP1-hotfixes,-sorted-by-category.html