Windows 7 OSD deployment (SCCM or MDT) and starting with patched media = more secure & saves time!

9:03 am by Kenny Buntinx [MVP]

1. Download your patches to a folder

You can always download the patches from the following link http://catalog.update.microsoft.com/v7/site/Install.aspx?referringpage=Home.aspx and save them to a local folder, or automate it with the following process:

  • The first step is to install a clean Windows 7 machine without any applications. After that, run wuauclt /detectnow and install all available updates. You will need to reboot a few times and rerun wuauclt /detectnow to allow all patches to be installed properly.

  • Then run the procedure below for WSUS patch extraction:

Go to C:\windows and open windowsupdate.log in Excel. Delimit the file by Tab and Space.

Turn on the auto-filter and filter on “Downloading” in column “G”.

Select all rows in column “I” and copy them. Go to a new sheet and paste them in column “B”.

Select column “B”, choose Data -> Text to Columns and delimit by ‘/’. Now remove columns “B, C, D and E”.

Go back to the sheet where you imported “Windowsupdate.log”, select all rows in column “K” and copy the column. Go to the new sheet and paste it in column “D”.

Select column “K”, choose Data -> Text to Columns and delimit by ‘\’. Now remove columns “D, E, F, G and H”.

Paste the following formula in column “A”: “="Copy H:\" & B2 & "\" & C2 & " c:\Patches\" & D2”

Drag the formula down, select column A, select all and copy it.

Open Notepad, paste the text and save it as “getpatch.cmd”.

Map your drive H: to \\yourwsusserver\WsusContent and run “getpatch.cmd”.

Copy your downloaded patches to the location where you need them.

 

2. Applying the offline patches to the Windows 7 media

 

Open up a WINPE command prompt via the WAIK.

Run the following commands in sequence.

Dism /Mount-Wim /Wimfile:"F:\DISM\Windows 7 Enterprise SP1 Eng X64 Source\sources\install.wim" /index:1 /Mountdir:F:\DISM\temp


Dism /image:F:\DISM\temp /add-package /packagepath:F:\DISM\Patches

(where the Patches folder contains your downloaded CBS Windows patches)


dism /commit-WIM /Mountdir:F:\DISM\temp


dism /unmount-WIM /commit /Mountdir:F:\DISM\temp


 

3. What if you get an error applying the offline patches?

 

It can happen that some patches cannot be applied offline. When that happens, you will get the following error as shown below in the screenshot, in this case for KB2533552. Do not worry, the process does not need to run again.

However, please note all patches that couldn’t be applied, so you can keep track of them for later deployment.

[Screenshot: DISM error output]

To see what is really going on and to verify that this is a patch that cannot be applied offline, open the DISM.log file and search for the specific update as shown below in the screenshot.

[Screenshot: DISM.log entry]

When you look closer at the screenshot, you will see the message “Cannot perform offline servicing with an online-only package”, meaning this patch is not a CBS update and needs to be applied online.

You can always check the update at the following link: http://catalog.update.microsoft.com/v7/site/Install.aspx?referringpage=Home.aspx
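To keep track of the online-only updates without reading the log by hand, the following scans DISM.log for the message quoted above. It is an added example, not part of the original post; the function names are hypothetical, and the sample log layout, KB0000001 and the patch file names are constructed.

```python
import re
import sys

# Message text quoted in the article; matched case-insensitively.
ONLINE_ONLY = "cannot perform offline servicing with an online-only package"
KB_RE = re.compile(r"KB\d{6,7}", re.IGNORECASE)

def online_only_updates(log_lines):
    """Return KB ids, in first-seen order, that DISM refused to service offline.

    Assumption: the KB id is on the error line itself or on the closest
    earlier line (for example the line naming the package being processed).
    """
    last_kb, found = None, []
    for line in log_lines:
        kbs = KB_RE.findall(line)
        if kbs:
            last_kb = kbs[-1].upper()
        if ONLINE_ONLY in line.lower():
            kb = last_kb or "UNKNOWN"   # error with no package context
            if kb not in found:
                found.append(kb)
    return found

def deferred_files(patch_files, log_lines):
    """Patch files that still have to be installed online after imaging."""
    deferred = set(online_only_updates(log_lines))
    return [f for f in patch_files
            if any(kb.upper() in deferred for kb in KB_RE.findall(f))]

# Constructed sample: the line layout and KB0000001 are invented for illustration.
SAMPLE_LOG = [
    r"2011-06-01 09:12:01, Info  DISM Processing F:\DISM\Patches\Windows6.1-KB0000001-x64.cab",
    r"2011-06-01 09:12:09, Info  DISM Package added",
    r"2011-06-01 09:12:10, Info  DISM Processing F:\DISM\Patches\Windows6.1-KB2533552-x64.cab",
    r"2011-06-01 09:12:11, Error DISM Cannot perform offline servicing with an online-only package",
]
SAMPLE_FILES = ["Windows6.1-KB0000001-x64.cab", "Windows6.1-KB2533552-x64.cab"]

if __name__ == "__main__":
    if len(sys.argv) > 1:               # path to a real DISM.log
        with open(sys.argv[1], errors="replace") as fh:
            lines = fh.readlines()
    else:
        lines = SAMPLE_LOG
    for kb in online_only_updates(lines):
        print("deploy online:", kb)
```

The resulting list is what has to be installed online after the image is applied, so the deployed machines do not miss those updates.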

 

4. Import the image in SCCM or MDT

 

After this process you need to import the source content in SCCM, preferably with a good naming convention. When done, add it to the distribution points and wait until it is replicated.

After importing the image in SCCM and adding it to the DPs, check that the image is replicated correctly on all selected DPs.

When that is done, change the media in the task sequence to use the new patched media. This will allow you to minimize staging downtime.

 

Now you are running from the start with patched offline media, meaning less deployment time and more security when deploying your machines!

 

Hope it helps,

 

Kenny Buntinx