Injecting Windows Updates into install WIM files via MDT | deKay’s Blog

For a while now I’ve been deploying Windows 7 on the network using the Microsoft Deployment Toolbox, and it generally works well. However, some of the images I deploy are now about a year old, and a year is a long time in the wonderful world of Microsoft Critical And Security Updates, and so having deployed a new PC there’s still a good hour’s worth of install-reboot-install-reboot-install “fun” with the updates. I decided it was time to start rolling the updates into the images.

One way is via the command line, as documented here, which is good for “live” WIMs and if you’ve only a few to do. However, this way uses the MDT and WSUS to inject the updates as Windows 7 is installed.

Firstly, you’re going to need to get the updates into MDT. Unfortunately, Microsoft doesn’t provide a big “download ALL the cab files” button, so you have to import them all manually. Thankfully, if you have WSUS on your network, you’ve already got them all (assuming you’ve approved them and synced WSUS, anyway).

via Injecting Windows Updates into install WIM files via MDT | deKay’s Blog.

Hits: 514

2 thoughts on “Injecting Windows Updates into install WIM files via MDT | deKay’s Blog”

  1. Convenience Rollup

    Windows Quality Rollup

    WSUS Offline

    Thanks to: How-To-Geek

    You can’t simply install the Convenience Rollup after installing Service Pack 1. You have to first install the April 2015 Servicing Stack Update first. Don’t ask us why; ask Microsoft.

    Head to the April 2016 Servicing Stack Update download page and scroll down to the download links. Click the appropriate link to download the update for either an x86 (32-bit) or x64 (64-bit version) of Windows 7.

    Update: You can quickly download the Convenience Rollup using the below direct download links. Microsoft could change them at any time, so send us a note if these links appear dead. If the direct download links work, you can skip downloading the update from the Microsoft Update Catalog website. Just download the appropriate update and run it to install it.

    Download the 64-bit version.
    Download the 32-bit version.

    If the direct download links don’t work or you just want to download the update in the official way, you’ll have to download the Windows 7 SP1 Convenience Rollup from Microsoft’s Update Catalog website.

    Unfortunately, this website requires ActiveX, which means it only works in Internet Explorer–you can’t use Google Chrome, Mozilla Firefox, or even Microsoft Edge on a Windows 10 PC.


  2. Further simplifying servicing models for Windows 7 and Windows 8.1

    Monthly Rollup

    From October 2016 onwards, Windows will release a single Monthly Rollup that addresses both security issues and reliability issues in a single update. The Monthly Rollup will be published to Windows Update (WU), WSUS, SCCM, and the Microsoft Update Catalog. Each month’s rollup will supersede the previous month’s rollup, so there will always be only one update required for your Windows PCs to get current. i.e. a Monthly Rollup in October 2016 will include all updates for October, while November 2016 will include October and November updates, and so on. Devices that have this rollup installed from Windows Update or WSUS will utilize express packages, keeping the monthly download size small.

    Over time, Windows will also proactively add patches to the Monthly Rollup that have been released in the past. Our goal is eventually to include all of the patches we have shipped in the past since the last baseline, so that the Monthly Rollup becomes fully cumulative and you need only to install the latest single rollup to be up to date. We encourage you to move to the Monthly Rollup model to improve reliability and quality of updating all versions of Windows.

    We are planning to add these previously shipped patches over the next year and will document each addition so IT admins know which KBs have been included each month.

    Security-only updates

    Also from October 2016 onwards, Windows will release a single Security-only update. This update collects all of the security patches for that month into a single update. Unlike the Monthly Rollup, the Security-only update will only include new security patches that are released for that month. Individual patches will no longer be available. The Security-only update will be available to download and deploy from WSUS, SCCM, and the Microsoft Update Catalog. Windows Update will publish only the Monthly Rollup – the Security-only update will not be published to Windows Update. The security-only update will allow enterprises to download as small of an update as possible while still maintaining more secure devices.


Leave a Reply