Wednesday, April 30, 2014

Managing Updates in Microsoft Deployment Toolkit

In MDT Updates are refereed to in the console as Packages, unfortunately MDT does not support direct integration with Windows Server Updates Services however indirect integration is possible.

Adding Packages to the MDT Console

For those of you who have read my previous blogs you'll recognize the structure bellow from the Driver import blog.

·         AMD64
o   Microsoft Windows 7
o   Microsoft Windows 8
o   Microsoft Windows 8.1
·         X86
o   Microsoft Windows 7
o   Microsoft Windows 8
o   Microsoft Windows 8.1

Now that we have established the appropriate structure for our update packages we can import either MSU files or CAB files directly into the structure newly created. This is primarily useful for Service Packs or other non critical updates that would not otherwise be included in your organizations WSUS.



Now that we have created the structure as can be seen above we can proceed to import the update package.

Importing Packages

In addition to creating the basic structure as seen above I recommend for testing to create folders for easier management and detection of faulty updates.


As you can see the in the above example both updates and features can be added and thus injected into the image during deployment.

Updates are added by right clicking on the folder in question and choosing Import OS Packages.
You can choose either MSU files or CAB files for import thus making it an extremely useful approach.

Create a Selection Profile to Focus the Update Selection During the Task Sequence

  1. Open the MDT Console 
  2. Open the Advanced Configuration Node
  3. Open The Selection Profile Node 
  4. Right Click on the Selection Profile Node and select New Selection Profile 
  5. Create One Appropriate for Each of your Operating Systems Making sure that it will be Processor Architecture Dependent
     
  6. Click Next After Entering an Appropriate Name That Both Delineates Operating System and Architecture 
  7. Choose the folder containing the appropriate updates under the Packages Node that you created previously. As in the case of the drivers selection profile selecting the head of the tree will automatically select all objects beneath it. 
  8. Complete the Wizard
  9. Return to the Task Sequence Node 
  10. Open the Appropriate Task Sequence and Scroll down to the Apply Packages task. 
  11. Select the Appropriate Selection Profile and click Apply.

Importing Updates Directly from Windows Server Updates Services

Importing Updates directly from a local WSUS server on your organizations network can provide a seamless way to integrate your organization's update infrastructure with your deployment server. This can be accomplished by adding a single line to your CustomSettings.ini file located at \\MDT-Server\DeploymentShare$\Control.
Add the line: WSUSServer=http://WSUSServer:8530 
The line should be added to the default section of your CustomSettings.ini so that it affects all Task Sequences.
Following this all that remains is enabling the Windows Updates step in your Task Sequence.

  1. Open the Task Sequence Node
  2. Choose the Task Sequence in Question
  3. Scroll Down till you get to Windows Updates (Pre-Application Installation)
  4. On the right pane choose the Options Tab and Remove the Check from Disable this step 
  5. Scroll Down Further in your Task Sequence till you get to Windows Updates (Post-Application Installation) 
  6. Next refer to the right pane, choose the options tab and remove the check for Disable this step. 

Your all done. These options can function independently from one another or together in a hybrid format. Together they provide a wonderful way to keep your deployment time down and your computers up to date upon arrival, without the necessity of updating your image every few weeks.

I hope this helps and by the way I welcome comments, questions and also your own deployment ideas.