My new employer doesn't have SCCM but they're at least using MDT, even if it is 2010. We (System Engineers for servers; Desktop Engineers for workstations) have historically been using Windows Update to patch the machine in question, but that (a) requires a bit of baby sitting, (b) takes ages and (c) is done every time a new server is stood up or new image is built.
Being one of the new guys, I've been asked if there's a way to automate the installation of OS updates for Windows 7 up to Server 2012 R2. My process has been to mount the WIM and apply as many updates as I can offline by pointing DISM to a directory full of updates.
However, I've been in situations where updates break the WIM because dependencies weren't in place, namely .NET which can't be installed offline. And its such a hassle to go through that troubleshooting process narrow it down to the offending update
- augh!
Having said all that, I'm in need of some advice for how to handle stock WIMs from stock Microsoft ISO's.
- What process do you experts follow for getting that WIM fully up to date?
I'm talking all the [recommended] updates offered via Windows Update: from updates for Windows, IE, .NET; standard security updates to IE upgrades (e.g. from 9 to 9, 9 to 10, 10 to 11), MSXML updates, Silverlight etc.. - Does update installation order matter?
Is it safe to point DISM to a directory of cabs for offline updates & let it rip or does it require a bit of structure?
I'm sort of doing a hybrid: Pulled down over 200 updates from the Microsoft update catalog, extracted the cabs into a centralized location & separated them into two groups, group 2 being updates thatseem to cause problems when done offline or can't be done offline due to a prerequisite. (Group 1 is bit more than 200 updates, Group 2 is about a dozen including 2685811, 2685813, 2533552, 2819745) - Can I assume that for updates like WMF 4.0, UMDF 1.11, KMFD 1.11, MSXML and straight upgrades like .NET 4.5, IE 10/11, you're laying down the OS, installing the pre-requisites, installing the updates - maybe even running Windows Updates, then capturing?
I'm just really curious as to how far off the mark I am, how I can automate as much of this as possible and of course doing it right! :)
Thanks