More than 250 updates are available for Windows 8.1 and its related features! If you want a fully patched (and secured) image, you have to get these updates installed before the first logon. This can be handled in a few ways.
First of all, you probably know that the image can be patched during the installation process. This can be time-consuming because all updates are installed every time a machine is imaged. The image can also be patched through the scheduled update installation in SCCM, as well as through a DISM PowerShell script.
We previously featured a method of using DISM to slipstream updates. Because of the huge response (more than 70 comments so far), this guide will expand upon that original article and explore the last two options listed above.
Slipstreaming with the DISM PowerShell module
In the Windows 7 and XP world, an IT administrator could get a current install simply by choosing media with the latest service pack. This worked out pretty well because Microsoft bundled previously released updates into the installation.
Although the title of the service pack has gone away, the concept still lingers. Microsoft is making the effort to update media on MSDN for Windows 8.1. Start with the latest media available to you. If you use MDT or SCCM with a thin image, you can simply swap out your WIM in your deployment share (or OS image folder).
We will use DISM PowerShell cmdlets to inject our updates and manage our image. The DISM PowerShell module can even be used without installing the Windows Assessment and Deployment Kit. Open an admin PowerShell ISE prompt. Type mkdir C:\Mount to create the directory in C:\ where DISM will store extracted and editable WIMs.
Make a copy of the WIM. We will inject updates into the copy; this ensures we do not accidentally corrupt the original image. Before mounting it, be sure that the WIM file is not marked as read-only. You will receive permissions errors if it is. Use the following command to mount the WIM file:
Mount-WindowsImage -ImagePath C:\X64\sources\install.wim -Index 1 -Path C:\Mount\
Your WIM may contain multiple indexes. Ensure that you are mounting the correct index. You can see any additional indexes by using the Get-WindowsImage command.
The Get-WindowsImage cmdlet shows only one index in this WIM.
We will need a fresh machine that was installed from your WIM and has all of its Windows Updates installed. This has to be done for each OS that you deploy. We are now going to use PowerShell to retrieve updates from our source machine and loop through an injecting process:
$SourceMachine = Read-Host "What is your source machine?"
$Path = "\\" + $SourceMachine + "\c$\Windows\SoftwareDistribution\Download"
$Cabs = Get-ChildItem -Path "$Path" -Recurse -Include *.cab | Sort LastWriteTime
ForEach ($Cab in $Cabs){
    Add-WindowsPackage -Path C:\Mount -PackagePath $Cab.FullName
    if ($? -eq $TRUE){
        $Cab.Name | Out-File -FilePath .\Updates-Sucessful.log -Append
    } else {
        $Cab.Name | Out-File -FilePath .\Updates-Failed.log -Append
    }
}
If your OS is not installed on C:\, you will need to edit line 2 to point to the correct location. In line 3, we grab all of the cab files that have been downloaded and then loop through all files to add them to the image. The updates are sorted by their last write time.
The Add-WindowsPackage cmdlet updates the image with a .cab package. If the injection is successful, the update name is written to Updates-Sucessful.log; if the update fails, it is written to Updates-Failed.log. The automatic variable $? holds the execution status of the last command, here Add-WindowsPackage. When $? is TRUE, the update was injected.
The Updates-Failed log shows express updates. CMTrace is used to format the log.
Expect to have many failed updates, especially if you have Office or other Microsoft applications installed. Any update that contains “express” in the name will also fail. Copy the KB number and go to the Microsoft Update Catalog. Download the full update for any express updates that failed and save them in a new folder (C:\Updates). Change the $Path variable to point to your new location ($Path = "C:\Updates") and run the script again.
Here is the completed script that mounts the image, runs through the loop, and then saves the image:
$SourceMachine = Read-Host "What is your source machine?"
$Path = "\\" + $SourceMachine + "\c$\Windows\SoftwareDistribution\Download"
$Cabs = Get-ChildItem -Path "$Path" -Recurse -Include *.cab | Sort LastWriteTime
Mount-WindowsImage -ImagePath C:\X64\sources\install.wim -Index 1 -Path C:\Mount\
ForEach ($Cab in $Cabs){
    Add-WindowsPackage -Path C:\Mount -PackagePath $Cab.FullName
    if ($? -eq $TRUE){
        $Cab.Name | Out-File -FilePath .\Updates-Sucessful.log -Append
    } else {
        $Cab.Name | Out-File -FilePath .\Updates-Failed.log -Append
    }
}
Dismount-WindowsImage -Path C:\Mount -Save
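The loop above injects whatever .cab files it finds in the source folder into an image that every new machine will be built from. As an added example (not part of the original article), this variant checks each package's Authenticode signature and records its SHA-256 hash before injecting it; the audit file name and the Microsoft signer match are assumptions, and the paths are the ones used in this guide.

```powershell
# Added example, not the article's own script. Paths follow the article;
# Updates-Audit.csv is a hypothetical log name.
$ImagePath = 'C:\X64\sources\install.wim'
$MountPath = 'C:\Mount'
$Path      = 'C:\Updates'
$AuditLog  = '.\Updates-Audit.csv'

$Cabs = Get-ChildItem -Path $Path -Recurse -Include *.cab | Sort-Object LastWriteTime

# Stop immediately if the image cannot be mounted (read-only WIM, wrong index).
Mount-WindowsImage -ImagePath $ImagePath -Index 1 -Path $MountPath -ErrorAction Stop | Out-Null

foreach ($Cab in $Cabs) {
    $Sig    = Get-AuthenticodeSignature -FilePath $Cab.FullName
    $Signer = if ($Sig.SignerCertificate) { $Sig.SignerCertificate.Subject } else { '' }
    $Result = 'Injected'

    # Assumption: only packages whose signature validates against a trusted
    # root and whose signer is Microsoft belong in the image.
    if ($Sig.Status -ne 'Valid' -or $Signer -notmatch 'O=Microsoft Corporation') {
        $Result = 'Rejected-Signature'
    }
    else {
        try {
            # -ErrorAction Stop turns a failed injection into a catchable error,
            # which is more reliable than testing $? afterwards.
            Add-WindowsPackage -Path $MountPath -PackagePath $Cab.FullName -ErrorAction Stop | Out-Null
        }
        catch {
            $Result = 'Failed: ' + $_.Exception.Message
        }
    }

    # One audit row per package: what it was, who signed it, what happened.
    [pscustomobject]@{
        Name   = $Cab.Name
        SHA256 = (Get-FileHash -Path $Cab.FullName -Algorithm SHA256).Hash
        Signer = $Signer
        Result = $Result
    } | Export-Csv -Path $AuditLog -Append -NoTypeInformation
}

# Review packages that are not fully installed before committing the image.
Get-WindowsPackage -Path $MountPath |
    Where-Object PackageState -ne 'Installed' |
    Format-Table PackageName, PackageState

Dismount-WindowsImage -Path $MountPath -Save
```

Keep the audit CSV with the image so a later review can tie each injected package back to a file hash and signer.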
Slipstreaming with SCCM 2012
SCCM 2012, with a properly configured Software Update Point, is quite a bit easier. Your deployment must run through SCCM, but it can be an MDT integrated task sequence. On the Configuration Manager console, navigate to Software Library – Operating Systems – Operating System Images.
This example shows three operating system images in SCCM 2012 R2.
Select your image and then choose Schedule Updates from the ribbon. The next screen displays the updates that SCCM deploys and those that match the WIM OS. I only apply updates that target the core OS. You can see in the screenshot below that I unchecked the Windows Malicious Software Removal Tool.
These software updates will be applied with SCCM Schedule Updates.
On the schedule page, select a time frame when the image is unlikely to be used. Be sure to leave the Update distribution points with the image box selected.
SCCM will essentially perform the same process as our DISM PowerShell script. It will mount the image, apply the updates, and save the image. If a WIM has multiple indexes, it will cycle through each and apply applicable updates to all of them.
Your previous image will be renamed with a .bak extension, and the new one will be saved in its location. Be sure you have the space for both files. Because this is SCCM, you know it will have a very in-depth log file. The Scheduled Updates log file is named OfflineServicingMgr.log.
Conclusion
In this guide, we covered two ways of managing updates in an offline image. Our first method used the DISM PowerShell module to inject updates from a source machine or folder. The second method relied on an SCCM Software Update Point. Do you inject updates into your image? If not, what is holding you back?
This is pretty cool. It looks like it works for an online image too. I did it to patch a freshly loaded server that I had slip streamed updates from July and earlier on the image.
Doing Add-WindowsPackage -Online -PackagePath $Cab.FullName -NoRestart in the loop let me pull the cabs from a recently patched server and apply them to my newly loaded box (This was WS12R2).
Any idea how long the SoftwareDistribution\Download cab files persist? On some of my servers it's nearly empty; on the servers I just patched in the past few days it had quite a few cabs in it.
I believe that doing items like a baseline configuration reset will remove the cab files from the machine. There may be a time delay (or an obsolete flag) but I am not completely sure on that.
$SourceMachine = Read-Host "What is your source machine?"
$Path = "\\" + $SourceMachine + "\c$\Windows\SoftwareDistribution\Download"
Hey, what's your point of using this code, why are you making an elephant from a fly. You simply can type this: $Path = "C:\Windows\SoftwareDistribution\Download" or any drive letter with installed Windows, or just type $Path = "$Env:WinDir\SoftwareDistribution\Download" and it finishes the job. I don't like you making things complicated.
@miki43: The script asks which *remote* machine to connect to, to pull the updates from. Your suggestion only works locally on the same machine.
Is there any way to inject office .cab files into an image using DISM?
Can the PowerShell method be pointed to a WSUS server folder? Also, if it can be, will it pull all updates? For example, if the WSUS is downloading updates for multiple operating systems, will it know which ones to inject automagically or will it try to inject Server 2012 R2 updates into a Windows 10 WIM?
You should be able to point it to the WSUS server – it will try to inject all updates that it can find though. Backup your media first before doing this. 🙂
Hello Joseph,
I was wondering if I’m able to update a WIM with multiple indexes from SCCM. I see that SCCM does recognize the WIM having multiple indexes, but at the Schedule Update step, I don’t get an option to select what index I want to update. Do you know if it goes to each index to perform the update?