The Unified Update Platform (UUP) reduces the size of feature and quality updates, as well as the number of reboots. It also retains Features on Demand (FoDs). WSUS and SCCM users will soon be able to enjoy UUP. For WSUS to obtain future Windows 11 updates, the servers have to be prepared accordingly.

Users who update their PCs via Windows Update (for Business) have long received both monthly cumulative updates and feature updates via the Unified Update Platform.

However, the implementation of the UUP for WSUS and SCCM has been delayed by years. It is currently available as a public preview and should be generally available in the first quarter of 2023. Once it is, all updates for Windows 11 22H2 and later will be delivered to WSUS and SCCM in this format.

Add MIME types via IIS Manager

For WSUS to be ready to receive UUP updates, admins must add two MIME types to the Internet Information Services (IIS). This can be done via the GUI of the IIS Manager.

If you are running WSUS on Server Core, you must first enable remote management for IIS and install IIS Manager for Remote Administration on the client.

After connecting to the server, click the MIME Types icon.

Open the list of registered MIME types via the corresponding applet

Open the list of registered MIME types via the corresponding applet

This opens a list of all registered MIME types. Select the Add command from the context menu, and enter .wim as the file name extension and application/x-ms-wim as the MIME type in the form.

Register the MIME type for WIM archives

Register the MIME type for WIM archives

Repeat this procedure for the .msu extension to which you assign application/octet-stream.

Registering MIME types from the command line

As an alternative to the IIS Manager, you can use the appcmd.exe utility to register MIME types. In the first step, it is recommended to check whether the two file extensions are already assigned to a MIME type. The following PowerShell command does the job:

. $Env:WinDir\system32\inetsrv\appcmd.exe list config /section:staticContent |
select-string "(wim|msu)"

Under cmd.exe, the corresponding command looks like this:

%SystemRoot%\system32\inetsrv\appcmd.exe list config /section:staticContent | findstr /i "wim msu"

If entries are present and configured incorrectly, remove them in PowerShell with

. $Env:WinDir\system32\inetsrv\appcmd.exe set config /section:staticContent /-"[fileExtension='.msu']"
. $Env:WinDir\system32\inetsrv\appcmd.exe set config /section:staticContent /-"[fileExtension='.wim']"

Then, you can register the two MIME types like this:

. $Env:WinDir\system32\inetsrv\appcmd.exe set config /section:staticContent /+"[fileExtension='.msu',mimeType='application/octet-stream']"
. $Env:WinDir\system32\inetsrv\appcmd.exe set config /section:staticContent /+"[fileExtension='.wim',mimeType='application/x-ms-wim']"

To check, invoke appcmd again, as above, with the list parameter.

Register and list MIME types for .msu and .wim via appcmd.exe_

Register and list MIME types for .msu and .wim via appcmd.exe_


Microsoft will soon make the UUP available for on-prem systems like WSUS and SCCM. For WSUS servers to get these updates, you need to register two MIME types.

Subscribe to 4sysops newsletter!

For this purpose, the IIS Manager GUI is available. However, it must first be enabled for remote administration, if required. Alternatively, you can use the appcmd.exe program on the command line, especially on Server Core.

  1. Avatar
    Rich 9 months ago

    I’m looking for a very simple WSUS setup method that only pulls down Security and Critical updates. I’ve only barely seen the template for WSUS….one attempt at getting updates onto a server ended up with over 12,000 updates. I only chose Win10 Sec and Critical updates, but I ended up with updates for Office 2015 and things not applicable anymore.
    We’re currently at 21H1/2 Win10 and will gradually move to Win11. I am just not sure how to get granular enough to be specific just to the Sec and Critical updates only for Win10 21H1/2. All I remember seeing was Win10 but not being able to specify the versions. I’m not using SSCM but only MDT and I don’t care about getting pre-Windows/Apps updates, then more after the OS and APPS. Is there a WSUS for Dummies (such as myself) to set this up once and then set up a schedule for the server to get them regularly? I believe that once I set this up in MDT, I have to run a script to tell the pc to quit trying to reach out to the WSUS once the pc is deployed into the field. Thanks

  2. Avatar
    Chinga Su Madre 9 months ago

    That’s a completely separate issue than what’s reviewed on this post. You should be able to Google all that to get specific for your needs, WSUS works just fine for thousands of computers so you just need a bit more fine tuning. Also group policy if your friend post imaging and joined to the domain for out in the field.

  3. Avatar
    Jean-Sebastien 7 months ago


    If I’m using SCCM latest version with WSUS, is that required or is SCCM update will cover it?

    Thank you

Leave a reply

Please enclose code in pre tags: <pre></pre>

Your email address will not be published. Required fields are marked *


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account