- SystoLOCK in review: Logging in to Active Directory with multi-factor authentication without passwords - Tue, Dec 5 2023
- New Group Policy settings in Windows 11 23H2 - Mon, Nov 20 2023
- Windows Server 2025 will support SMB over QUIC in all editions - Fri, Nov 17 2023
Users who update their PCs via Windows Update (for Business) have long received both monthly cumulative updates and feature updates via the Unified Update Platform.
However, the implementation of the UUP for WSUS and SCCM has been delayed by years. It is currently available as a public preview and should be generally available in the first quarter of 2023. Once it is, all updates for Windows 11 22H2 and later will be delivered to WSUS and SCCM in this format.
Add MIME types via IIS Manager
For WSUS to be ready to receive UUP updates, admins must add two MIME types to the Internet Information Services (IIS). This can be done via the GUI of the IIS Manager.
If you are running WSUS on Server Core, you must first enable remote management for IIS and install IIS Manager for Remote Administration on the client.
After connecting to the server, click the MIME Types icon.
Open the list of registered MIME types via the corresponding applet
This opens a list of all registered MIME types. Select the Add command from the context menu, and enter .wim as the file name extension and application/x-ms-wim as the MIME type in the form.
Register the MIME type for WIM archives
Repeat this procedure for the .msu extension to which you assign application/octet-stream.
Registering MIME types from the command line
As an alternative to the IIS Manager, you can use the appcmd.exe utility to register MIME types. In the first step, it is recommended to check whether the two file extensions are already assigned to a MIME type. The following PowerShell command does the job:
. $Env:WinDir\system32\inetsrv\appcmd.exe list config /section:staticContent | select-string "(wim|msu)"
Under cmd.exe, the corresponding command looks like this:
%SystemRoot%\system32\inetsrv\appcmd.exe list config /section:staticContent | findstr /i "wim msu"
If entries are present and configured incorrectly, remove them in PowerShell with
. $Env:WinDir\system32\inetsrv\appcmd.exe set config /section:staticContent /-"[fileExtension='.msu']" . $Env:WinDir\system32\inetsrv\appcmd.exe set config /section:staticContent /-"[fileExtension='.wim']"
Then, you can register the two MIME types like this:
. $Env:WinDir\system32\inetsrv\appcmd.exe set config /section:staticContent /+"[fileExtension='.msu',mimeType='application/octet-stream']" . $Env:WinDir\system32\inetsrv\appcmd.exe set config /section:staticContent /+"[fileExtension='.wim',mimeType='application/x-ms-wim']"
To check, invoke appcmd again, as above, with the list parameter.
Register and list MIME types for .msu and .wim via appcmd.exe_
Summary
Microsoft will soon make the UUP available for on-prem systems like WSUS and SCCM. For WSUS servers to get these updates, you need to register two MIME types.
Subscribe to 4sysops newsletter!
For this purpose, the IIS Manager GUI is available. However, it must first be enabled for remote administration, if required. Alternatively, you can use the appcmd.exe program on the command line, especially on Server Core.
Read the latest IT news and community updates!
Join our IT community and read articles without ads!
Do you want to write for 4sysops? We are looking for new authors.
I’m looking for a very simple WSUS setup method that only pulls down Security and Critical updates. I’ve only barely seen the template for WSUS….one attempt at getting updates onto a server ended up with over 12,000 updates. I only chose Win10 Sec and Critical updates, but I ended up with updates for Office 2015 and things not applicable anymore.
We’re currently at 21H1/2 Win10 and will gradually move to Win11. I am just not sure how to get granular enough to be specific just to the Sec and Critical updates only for Win10 21H1/2. All I remember seeing was Win10 but not being able to specify the versions. I’m not using SSCM but only MDT and I don’t care about getting pre-Windows/Apps updates, then more after the OS and APPS. Is there a WSUS for Dummies (such as myself) to set this up once and then set up a schedule for the server to get them regularly? I believe that once I set this up in MDT, I have to run a script to tell the pc to quit trying to reach out to the WSUS once the pc is deployed into the field. Thanks
That’s a completely separate issue than what’s reviewed on this post. You should be able to Google all that to get specific for your needs, WSUS works just fine for thousands of computers so you just need a bit more fine tuning. Also group policy if your friend post imaging and joined to the domain for out in the field.
Hello,
If I’m using SCCM latest version with WSUS, is that required or is SCCM update will cover it?
Thank you