Windows 7 OSD deployment (SCCM or MDT ) and starting with a patched media = More secure & Saves time ! - sccm

SCCM - System Center Configuration Manager

Blog about SCCM 2007 aka SMS v4


    Windows 7 OSD deployment (SCCM or MDT ) and starting with a patched media = More secure & Saves time !

    1. Download your patches to a folder

    You can download the patches from http://catalog.update.microsoft.com/v7/site/Install.aspx?referringpage=Home.aspx and save them to a local folder, or automate the download with the following process:

    • First, install a clean Windows 7 machine without any applications. Then run wuauclt /detectnow and install all available updates. You will need to reboot a few times and rerun wuauclt /detectnow so that all patches are installed properly.

    • Then run the procedure below for WSUS patch extraction:

    Go to C:\windows and open windowsupdate.log in Excel. Delimit the file by Tab and space.

    Turn on the auto-filter and filter on “Downloading” in column “G”.

    Select all rows in column “I” and copy them. Go to a new sheet and paste them in column “B”.

    Select column “B”, choose Data -> Text to Columns and delimit by ‘/’. Now remove columns “B, C, D and E”.

    Go back to the sheet where you imported “Windowsupdate.log”, select all rows in column “K” and copy the column. Go to the new sheet and paste it in column “D”.

    Select column “K”, choose Data -> Text to Columns and delimit by ‘\’. Now remove columns “D, E, F, G and H”.

    Paste the following formula in column “A”: “="Copy H:\" & B2 & "\" & C2 & " c:\Patches\" & D2”

    Drag the formula down, select column A, select all and copy it.

    Open Notepad, paste the text and save it as “getpatch.cmd”.

    Map drive H: to \\yourwsusserver\WsusContent and run “getpatch.cmd”.

    Copy your downloaded patches to the location where you need them.

     

    2. Applying the offline patches to the Windows 7 media

     

    Open a WinPE command prompt via the WAIK.

    Run the following commands in sequence.

    Dism /Mount-Wim /Wimfile:"F:\DISM\Windows 7 Enterprise SP1 Eng X64 Source\sources\install.wim" /index:1 /Mountdir:F:\DISM\temp

    Dism /image:F:\DISM\temp /add-package /packagepath:F:\DISM\Patches

    (The Patches folder contains your downloaded CBS Windows patches.)

    dism /commit-WIM /Mountdir:F:\DISM\temp


    dism /unmount-WIM /commit /Mountdir:F:\DISM\temp


     

    3. What if you get an error applying the offline patches?

     

    Some patches cannot be applied offline. When that happens, you will get the error shown in the screenshot below, in this case for KB2533552. Do not worry, the process does not need to run again.

    However, note all patches that could not be applied, so you can keep track of them for later deployment.

    clip_image010

    To see what is really going on and to verify that this is a patch that cannot be applied offline, open the DISM.log file and search for the specific update, as shown in the screenshot below.

    clip_image012

    When you look closer at the screenshot, you will see the message “Cannot perform offline servicing with an online-only package”, meaning this patch is not a CBS update and needs to be applied online.

    You could always check the update on the following link http://catalog.update.microsoft.com/v7/site/Install.aspx?referringpage=Home.aspx
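
    Steps 2 and 3 combined into one script, as an added example that is not part of the original post: it applies each package on its own so that every failure is recorded by name, and it skips any file without a valid Authenticode signature before it touches the image. The paths are the ones used above; the report path and the signature check are assumptions added here.

```powershell
# Added example. Run from an elevated PowerShell prompt on the servicing machine.
$Wim      = 'F:\DISM\Windows 7 Enterprise SP1 Eng X64 Source\sources\install.wim'
$MountDir = 'F:\DISM\temp'
$Patches  = 'F:\DISM\Patches'
$Report   = 'F:\DISM\patch-report.csv'   # assumed location for the tracking list

& dism.exe /Mount-Wim "/WimFile:$Wim" /Index:1 "/MountDir:$MountDir"
if ($LASTEXITCODE -ne 0) { throw "Mount failed with exit code $LASTEXITCODE" }

$results = @()
foreach ($pkg in Get-ChildItem -Path $Patches -Recurse -Include *.cab, *.msu) {
    # Fail closed: anything that is not validly signed is never offered to DISM.
    $sig = Get-AuthenticodeSignature -FilePath $pkg.FullName
    if ($sig.Status -ne 'Valid') {
        $status = "Skipped: signature status $($sig.Status)"
    } else {
        & dism.exe "/Image:$MountDir" /Add-Package "/PackagePath:$($pkg.FullName)" | Out-Null
        if ($LASTEXITCODE -eq 0) {
            $status = 'Applied'
        } else {
            # Online-only packages end up here; DISM.log holds the reason.
            $status = "Failed: exit code $LASTEXITCODE (see DISM.log)"
        }
    }
    $results += New-Object PSObject -Property @{ Package = $pkg.Name; Status = $status }
}

# The report is the list of patches to deploy online later.
$results | Select-Object Package, Status | Export-Csv -Path $Report -NoTypeInformation

# Commit only when something was actually applied; otherwise leave the WIM untouched.
if ($results | Where-Object { $_.Status -eq 'Applied' }) {
    & dism.exe /Unmount-Wim "/MountDir:$MountDir" /Commit
} else {
    & dism.exe /Unmount-Wim "/MountDir:$MountDir" /Discard
}
```

    Every row in the report that is not “Applied” still has to be delivered to the machine after deployment.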

     

    4. Import the image in SCCM or MDT

     

    After this process you need to import the source content in SCCM, preferably with a good naming convention. When done, add it to the distribution points and wait until it is replicated.

    After importing the image in SCCM and adding it to the DPs, check that the image is replicated correctly on all selected DPs.

    When that is done, change the media in the task sequence to use the new patched media. This will allow you to minimize staging downtime.

     

    Now you are running from the start with a patched offline media, meaning less deployment time and being more secure when deploying your machines!

     

    Hope it helps,

     

    Kenny Buntinx

    Comments

    GauiC said:

    You could also use a Build and capture task sequence to create a patched wim file.  So each time new patches are deployed you would run the build and capture task sequence.

    And if you would like to save more time then you could make the build and capture task sequence use the last deployed image instead of installing from operating system install packages, that way only the newest patches are installed each time build and capture is done.

    # July 27, 2011 1:34 PM

    Kenny Buntinx said:

    @GauiC

    Correct. However, this procedure is for people using SCCM or MDT that do not use software updates via SCCM or MDT. Companies with inscope or outscope systems.

    Large enterprises that have no internet connectivity need to stage offline with the original media as an unattended process.

    You must know that Microsoft officially only supports sysprepping a previously sysprepped image twice ...

    This is only a piece of the 100 different ways of OSD provisioning or staging.

    # July 27, 2011 7:53 PM

    wojteksci said:

    You can also use the WSUS Offline Update tool (www.wsusoffline.net) to download all needed updates.

    # July 29, 2011 12:48 AM