- SmartDeploy: Rethinking software deployment to remote workers in times of a pandemic - Thu, Jul 30 2020
- Outlook attachments now blocked in Office 365 - Tue, Nov 19 2019
- PolicyPak MDM Edition: Group Policy and more for BYOD - Tue, Oct 29 2019
Update: If you are looking for a way to download updates read this and this new article explains how to slipstream updates with PowerShell and SCCM.
If you have ever watched a fresh OS install download update after update, you understand how frustrating and time consuming it can be. There are several solutions that will ensure a new machine is completely patched before the end user even gets the machine. For example, MDT includes two separate tasks for updating a machine during a task sequence.
The Windows Update Task in an MDT Task Sequence can slow down imaging.
Another common method is to load Windows Update packages into the MDT Deployment Workbench Packages container.
The downside to most methods is the increase in imaging times. When you are installing 150+ updates on a Windows 7 machine, things can slow down to a crawl.
One great alternative is to use DISM and the /add-package parameter. With DISM and a simple batch file, we can loop through Windows Update packages and apply them to our .WIM files. Let’s briefly cover DISM and prep our environment before jumping into the cooler stuff.
Using DISM to install Windows Update packages ^
Start by creating a folder in the root of C:\. Name the folder Mount. Next, launch an administrative command prompt (WIN + X, A for Windows 8+ machines) and execute DISM to see the list of available options and the proper syntax. If you have ADK installed, you can launch the Deployment and Imaging Tools Environment shortcut as an administrator. This is my preferred method.
Getting help with DISM is made easier with command prompt examples.
Your first step is to mount your OS install.wim file. If you are using MDT, this file is located in your DeploymentShare under Operating Systems\OS Name\sources\. At your administrative command prompt, type the following:
dism /mount-wim /wimfile:”D:\DeploymentShare\Operating System\Windows 7 SP1\Sources\install.wim” /mountdir:C:\Mount /index:1
When the WIM is mounted, you should be able to browse to C:\Mount and view the contents.
A mounted WIM within Windows Explorer. An OS within an OS.
To add a Windows update, type the following command:
dism /image:C:\Mount /add-package /packagepath:PATH-TO-UPDATE
Adding updates with the above command is almost as tedious as watching 150 of them install. In the past, I would head to the Windows Update catalog and download every update that was needed. Although I will still do this for some single updates, I use a faster method now.
The easier way to slipstream Windows updates ^
To use this method, you will need to set up a fresh machine and let it fully update. This has to be done for each OS that you deploy. Luckily, you will only have to do this one time. When your first machine is fully patched, head back to your administrative command prompt and type the following:
Start /w for /R \\UPDATEDMACHINE\C$\Windows\SoftwareDistribution\Download\ %f in (*.cab) do DISM /image:C:\Mount /add-package /packagepath:”%U”
Be sure to specify your machine’s name in the command. This will launch a new window where you can watch as each update is installed. Even though this part is automated, it will still take a while to complete (about an hour for my test VM).
DISM has successfully added Windows updates to our WIM.
Once you are at the return prompt in the second window, all available updates have been slipstreamed. Head back to your first command prompt and type:
Dism /unmount-wim /mountdir:C:\Mount /commit
At this point, DISM will apply the changes that you’ve made, save your image, and unmount it. Your local Mount folder should now be empty. To speed up this process on other operating systems, save the following commands in a batch file:
dism /mount-wim /wimfile:”D:\DeploymentShare\Operating System\Windows 7 SP1\Sources\install.wim” /mountdir:C:\Mount /index:1 Start /w for /R \\UPDATEDMACHINE\C$\Windows\SoftwareDistribution\Download\ %f in (*.cab) do DISM /image:C:\Mount /add-package /packagepath:”%U” Dism /unmount-wim /mountdir:C:\Mount /commit
Deploy your fully patched image to a test computer. Once the install finishes, check Windows Updates for any available updates. You should notice a drastic reduction! In my case, only updates that install with an EXE were still available. From here, you can deploy those remaining updates with WSUS or MDT Applications, or you can allow the Windows Updates task to finish the job.