So a couple of weeks ago, I was working on a image engineering engagement for a customer. During image engineering I use an automated MDT 2010 task sequence to build the reference machine, customise it and then sysprep and capture it automatically. I typically use the ZTIWindowsUpdate.wsf task in the MDT 2010 task sequence to go out to the Microsoft Update servers on the internet and pull down the required updates which are then added to the image during the image engineering process automatically. This means that I don’t have to manage the download and adding of updates to MDT 2010 as the task sequence task goes out and downloads/installs the relevant updates at the point in time that the image engineering task sequence runs.
Then I started to think about how this would work if I wanted to control the updates – and if I did in fact want to download them individually and stage them in MDT 2010. There seemed no easy way to identify the updates that have been released since a specific point in time (say since Windows 7 SP1) until I came across http://www.microsoft.com/technet/security/current.aspx
This site allows you to set the product/technology that you want to search for and the service pack level and it will then pull back all of the updates that have been released from that point – once the list is built you can then visit each link and download the required updates to your local MDT server for integration with your image engineering process – all its really missing is a basket type download tool that would allow you to download all the updates identified – but as a way of finding those point in time updates – it’s pretty cool
This post was contributed by Richard Smith, a Principal Consultant with Microsoft Services UK
Hi Richard, thank you for your great post. Maybe worth to mention is that you can also use the Microsoft catalog website: catalog.update.microsoft.com. Here you can put all your updates in a basket, and then download them all, maybe a little faster. ;-)
Hi trukker - that's a great point - you can gather your updates from the Microsoft catalog website, which has a nifty shopping basket so that you can download all of the updates together. I see the site I identified in the blog as a way of figuring out what updates you need - then you could use either site to grab the files....
Hi Richard, thanks for the post, this is potentially very helpful. The Microsoft catalog always included stuff I didn't need and I still had to sift through a zillion patches. It simply wasn't worth the time. But how do you import these as packages (since I'm assuming that's what you are talking about)?
Easy way to search for Microsoft Security Updates that only apply to the application or OS and service pack you care about! blogs.technet.com/.../finding-updates-for-image-engineering.aspx ...
As I typically use MDT 2010 for automated image engineering tasks, I import the updates directly into the Packages node in the Deployment Workbench - they are then automatically added the next time I create an image. You could also extract the contents and use DISM (that is provided in the Windows Automated Installation Kit) to inject the updates directly into the image, or import them into ConfigMgr as updates to be applied during deployment.