- SmartDeploy: Rethinking software deployment to remote workers in times of a pandemic - Thu, Jul 30 2020
- Outlook attachments now blocked in Office 365 - Tue, Nov 19 2019
- PolicyPak MDM Edition: Group Policy and more for BYOD - Tue, Oct 29 2019
Update: If you are looking for a way to download updates read this and this new article explains how to slipstream updates with PowerShell and SCCM.
If you have ever watched a fresh OS install download update after update, you understand how frustrating and time consuming it can be. There are several solutions that will ensure a new machine is completely patched before the end user even gets the machine. For example, MDT includes two separate tasks for updating a machine during a task sequence.
The Windows Update Task in an MDT Task Sequence can slow down imaging.
Another common method is to load Windows Update packages into the MDT Deployment Workbench Packages container.
The downside to most methods is the increase in imaging times. When you are installing 150+ updates on a Windows 7 machine, things can slow down to a crawl.
One great alternative is to use DISM and the /add-package parameter. With DISM and a simple batch file, we can loop through Windows Update packages and apply them to our .WIM files. Let’s briefly cover DISM and prep our environment before jumping into the cooler stuff.
Using DISM to install Windows Update packages
Start by creating a folder in the root of C:\. Name the folder Mount. Next, launch an administrative command prompt (WIN + X, A for Windows 8+ machines) and execute DISM to see the list of available options and the proper syntax. If you have ADK installed, you can launch the Deployment and Imaging Tools Environment shortcut as an administrator. This is my preferred method.
Getting help with DISM is made easier with command prompt examples.
Your first step is to mount your OS install.wim file. If you are using MDT, this file is located in your DeploymentShare under Operating Systems\OS Name\sources\. At your administrative command prompt, type the following:
dism /mount-wim /wimfile:”D:\DeploymentShare\Operating System\Windows 7 SP1\Sources\install.wim” /mountdir:C:\Mount /index:1
When the WIM is mounted, you should be able to browse to C:\Mount and view the contents.
A mounted WIM within Windows Explorer. An OS within an OS.
To add a Windows update, type the following command:
dism /image:C:\Mount /add-package /packagepath:PATH-TO-UPDATE
Adding updates with the above command is almost as tedious as watching 150 of them install. In the past, I would head to the Windows Update catalog and download every update that was needed. Although I will still do this for some single updates, I use a faster method now.
The easier way to slipstream Windows updates
To use this method, you will need to set up a fresh machine and let it fully update. This has to be done for each OS that you deploy. Luckily, you will only have to do this one time. When your first machine is fully patched, head back to your administrative command prompt and type the following:
Start /w for /R \\UPDATEDMACHINE\C$\Windows\SoftwareDistribution\Download\ %f in (*.cab) do DISM /image:C:\Mount /add-package /packagepath:”%U”
Be sure to specify your machine’s name in the command. This will launch a new window where you can watch as each update is installed. Even though this part is automated, it will still take a while to complete (about an hour for my test VM).
DISM has successfully added Windows updates to our WIM.
Once you are at the return prompt in the second window, all available updates have been slipstreamed. Head back to your first command prompt and type:
Dism /unmount-wim /mountdir:C:\Mount /commit
At this point, DISM will apply the changes that you’ve made, save your image, and unmount it. Your local Mount folder should now be empty. To speed up this process on other operating systems, save the following commands in a batch file:
dism /mount-wim /wimfile:”D:\DeploymentShare\Operating System\Windows 7 SP1\Sources\install.wim” /mountdir:C:\Mount /index:1 Start /w for /R \\UPDATEDMACHINE\C$\Windows\SoftwareDistribution\Download\ %f in (*.cab) do DISM /image:C:\Mount /add-package /packagepath:”%U” Dism /unmount-wim /mountdir:C:\Mount /commit
Deploy your fully patched image to a test computer. Once the install finishes, check Windows Updates for any available updates. You should notice a drastic reduction! In my case, only updates that install with an EXE were still available. From here, you can deploy those remaining updates with WSUS or MDT Applications, or you can allow the Windows Updates task to finish the job.
Update: If you are looking for a way to download updates read this and this new article explains how to slipstream updates with PowerShell and SCCM.
Want to write for 4sysops? We are looking for new authors.
Thanks for the tip Karl! I don’t think I’ve seen that but it is good to know.
This works great against a WSUS repository:
Start /w for /R \\WSUSSERVER\WsusContent %f in (*.cab) do DISM /image:C:\Mount /add-package /packagepath:%f
Thanks for the post Joseph!
Awesome! Thanks for the confirmation.
PS C:\Windows\system32> Start /w for /R \\Nczi-app-01\reminst\wsusoffline1062\wsusoffline\client\ %f in (*.cab) do DISM
/image:E:\WDS\tempWimMount /add-package /packagepath:”%U”
*.cab : The term ‘*.cab’ is not recognized as the name of a cmdlet, function, script file, or operable program.
What I doing wrong?
I don’t know if this is your problem or not Martin, but what you posted:
Start /w for /R \\Nczi-app-01\reminst\wsusoffline1062\wsusoffline\client\ %f in (*.cab) do DISM /image:E:\WDS\tempWimMount /add-package /packagepath:”%U”
At the end there, you’re using the wrong double quotes. You’re using ” instead of “. Maybe you copied and pasted the original example and modified it instead of typing it manually? Perhaps replacing the ”’s with ” would fix the problem for you. Best of luck.
I just noticed in my reply, my double quotes showed up as quotes with the top leaning towards the right. They’re supposed to be straight up and down. If you copy and paste the command into something like notepad, you’ll see the difference between the double quotes in the command versus the double quotes that’s created with the keyboard. Just copy and paste the double quote and then hit the double quote on the keyboard. It’ll show you the difference.
Joseph (or anyone who knows why this might be happening)
I am unable to service a Windows 7 x64 .WIM image created using Smart Deoploy’s capture process. It captures a .WIM of the .VMDK (VMWare virtual machine file) and I am trying to service that .WIM
So far I have been successful in mounting the .WIM to a folder on root C:\Updates in this example and I can even add packages from a “package path” that I downloaded using a combo of WSUSOffline and my onsite WSUS server to determine which updates to download. I have about 204 updates to apply yet when I go to apply I am given this error;
As well as when I try to commit the image I get
Error 32 this process is in use (I have waited overnight to try to commit to see if it’s a timing thing)
I have posted a snippet of my log file here;
Anyone curious / know my issue and wanna help!?
is it possible to slipstream updates into a live system ?
Use WUSA.exe. Below is an example.
wusa.exe KBNAME.msu /quiet /norestart
I dont think this works anymore. I’m getting lots of Error: 0x800f0816
Same here trying to do with Windows server 2012 R2, around 230 updates and also 0x800f0816.
Thanks for this great post Joseph!
Here’s some tips that summarizes what others have said here and adds some details. It should also help those that get the 0x800f0816 errors. I’ve put some important text in bold so it’s easier to spot if you want to browse through the post quickly later.
The reason for the 0x800f0816 error seems mostly to be that people are trying to slipstream express patches which means that the files doesn’t contain the full patch.
My recommendation is to use WSUS Offline Update (http://download.wsusoffline.net/) to download the patches. Some people above have recommended the Windows Updates Downloader tool but it currently seems to have very outdated patch lists so I wouldn’t recommend that now as of July 19th 2016 when this was written.
To use WSUS Offline Update download the zip file from the link above and unzip somewhere. I’ll use C:\wsusoffline\ in my examples so replace the path in the examples if you use something else.
Run C:\wsusoffline\Updategenerator.exe , click on the options you want and click Start and wait for it to finish. It will take a while.
NOTE: Even though WSUS Offline Update downloads xml files from Microsoft with patch lists it still might not include the very latest patches so you’ll have to run Windows Update after patching and note down which KBs you’re still missing and download them manually if you want to include everything up until today. As new patches are most likely just around the corner it’s probably a waste of time though.
Updates will be stored in subfolders under C:\wsusoffline\client\ with names matching the Windows version. Eg. Windows 7 64Bit will be stored under C:\wsusoffline\client\w61-x64\ so that’s the path you tell DISM to look in.
In case someone doesn’t know, Windows 7 has version number 6.1 hence the w61-x64 name (https://msdn.microsoft.com/en-us/library/windows/desktop/ms724832(v=vs.85).aspx)
Here’s the list of folders WSUS Offline Update creates under D:\wsusoffline\client\ for the different OS versions you choose. The folders without -x64 are the 32 bit ones.
w61, w61-x64 : Windows 7 and Windows Server 2008 R2
w62-x64 : Windows Server 2012
w63, w63-x64: Windows 8.1 and Windows Server 2012 R2
w100, w100-x64: Windows 10 and Windows Server 2016
Here’s the command lines I use to patch Windows 7 64 bit. One for the *.cab files and one for the *.msu. I think you need both to get all patches. Replace D:\patch\wim with the path you mounted the wim file on. Make sure you run the command in a window with administrative rights.
for /R C:\wsusoffline\client\w61-x64 %f in (*.cab) do DISM /image:D:\patch\wim /add-package /packagepath:%f
for /R C:\wsusoffline\client\w61-x64 %f in (*.msu) do DISM /image:D:\patch\wim /add-package /packagepath:%f
NOTE: Some of the patches downloaded by WSUS Offline Update will most likely not be applicable to whatever particular version you are patching so some will fail.
Consider using NTLite to patch instead of DISM (https://www.ntlite.com/download/) as it has a GUI and can also do some other stuff like automation, turning features on and off and remove individual patches from the list before updating the wim file.
Here’s a quick list of what you need to do in NTLite to patch
1. Choose Add->Image file and browse to the install.wim file you want to patch
All the indexes in the wim files should now be listed in the main window with gray dots in front of them. Some have just one and others can have several (Like Windows 7 Home, Pro, Ultimate etc)
2. Double-click on the index you want to mount and patch
When this is done the dot in from of the index should be green and you should have new menu items in the left column.
3. To add a whole folder with patches (including subfolders) click on Updates under the Integrate heading and then in the top left corner click Add->Folder and subfolder found packages. Browse to for instance C:\wsusoffline\client\w61-x64\ for Windows 7 64 bit patches and click Select Folder
You can also add drivers and other items.
4. When you want to write all the changes to the wim click Apply at the bottom on the left column and then click Process in the top left corner
5. Enjoy your victory with a cold beverage 😀
Hopefully this is helpful to someone 🙂
Very good tips Thomas! I appreciate you taking the time to put all of that together.
Very complete guide. Except for the typo since it should be %f in the for loop at the very end.
Since I also had trouble installing most of the updates with dism I set up a WSUS server and used its found updates as source. Now it works fine integrating them with dism.
Hi, I have created Slipstream for Windows 2012 Std R2 64bit and injected 322 patches.
created ISO with oscdimg -n -m -bE:\systemutil\Win2k12R2\boot\etfsboot.com E:\systemutil\Win2k12R2 E:\systemutil\base\windowsSS.iso but its not booting. ISO size is 8.30GB.
The ISO is not a bootable Windows which was not explained. YOu need the boot file extracted from your original Windows ISO using program such as WinISO and adding to the created one.
Thank you Al!
It’s %%f not %f in a batch file to work correctly!
This fails on all updates but windows updates. Is there anyway to install all the office updates, etc?
I don’t usually leave replies on boards and this one is a little old, but I just wanted to say that this article and the different workarounds have really helped me out. I already use wsus offline and it is an amazing way to get most of the downloads you need without bottlenecks from the update server. I tried NTLite but couldn’t get it to load .cab files. You literally have to download every single update as .msu file. I will probably use NTLite to add the .Net files though, since they are all .exe and you can add programs and .exe to the post installation. Any way, thank you to everyone who wrote and helped contribute to this!
No problem at all! Thank you for the kind comment!
Why not update the original article?
I’m not going to use SCCM. MDT is just fine, SCCM is essentially the same thing anyway. Something about this article just isn’t right, or works.
I’ve been trying to modify the commands, perhaps it comes down to the age of the content… It’s not explicitly stated “Share the C drive on the computer that’s fully installed…” So while I’m trying to dissect whether the batch file is pulling the entire folder, I’m also questioning why you don’t just copy the entire folders contents to a local folder? Seems like a pretty good idea but it’s very flawed and missing a lot of steps…
I see this quite a lot with engineer based deployment scripts, and while I can assume what was required of me, the fact that the information given does not work makes troubleshooting this issue a bigger PITA.
Here’s what I’m encountering, I mount the wim file, then I open another command prompt and when I paste the command in and edit it to point to the correct location, it doesn’t work. I was able to get the DISM command to load, but once, and it errored out. I’m not entirely sure that it will work without describing what the commands are looking for that way I can troubleshoot my network, or firewall, or cmdkey, or etc rather than trying to see what is wrong with the provided script.
I like the idea, but I’ve yet to see it work and suggesting SCCM is not an option I’d like to take.
How much longer would it take to run the the 2012R2 upgrade with all the patches applied? Also, since we lost a good team member, anyone here able to generate a full 2012R2 base upgraded image for us at cost? And if so, what is your cost?
Hi, Everything is ok.
But let me raise a query.
How do i check, if the update patches and servicing stock updates are correctly integrated or not.
Can we view the files , with the help of 7 zip, like kb……….etc..etc.
Can i totally install the bootable iso to a virtual drive and then unmount it without any damage to the existing windows running
Is it possible to unmount when i check install using virtual clone drive
I ask you, because, at one time, the installation stopped abruptly while expanding files … the second stage of installation. I am talking about windows 7 64 bit