How to enable Microsoft \ Windows Update during Build and Capture Task Sequence

24 בJanuary 2016

One of the most important benefits of using Build and Capture Task Sequence is the fact we can perform a full automatic Windows Update or Microsoft Update processes during the Windows Deployment.

Why is this so important?

Well, a common image in many organizations will only contain Windows, Office and updates (some add Adobe reader, flash and Java) and usually our base image changes from time to time is the updates that were published since our last capture.

So when we have a full automatic capture sequence that installs Windows, Office and performing updates, we can just run it once in a period (I usually recommend every quarter) over night and come back in the morning having fresh updated Windows Image (WIM) file.

Few important recommendations:

1. if your organization use System Center Configuration Manager (SCCM) in order to perform Operating System Deployment, you should still use Microsoft Deployment Toolkit (MDT) in order to perform Build and Capture Task Sequence – it is the best practice for creating an Image.

2. When making an Image using Build and Capture Task Sequence, please remember to remove the BitLocker\Recovery partition from the “Format and Partition” step. That way you won’t have 2 indexes

3. Always use a virtual machine to run Build and Capture task sequence – its clean and can save you some troubles later on.

Whenever we want to use WSUS we need to specify a certain Task Sequence Variable. We can set this variable via Customsettings.ini file and add:

WSUSServer=HTTP://<Wsus Server FQDN>:<port>

For example: WSUSServer=http://WSUS.u-btech.local:8531

We can also set it within our task sequence by adding “set Task Sequence Variable” step

Task Sequence Variable


After settings the WSUS Server we can go to the “State Restore” Group and enable both Windows Update Tasks (Post\Pre-Application Installation)

Usually, I am installing several applications before starting Windows update:

· Visual C++ all versions

· Last version of .Net Framework

· Last version of Internet Explorer

· Last Windows Update Agent

Than the Pre-Application Installation step starts and when finished I will install Microsoft Office (before Post-Application Installation) and that’s for the basic reason that I want my Microsoft office to be fully up-to-date.

In order to actually apply Microsoft Office updates I need to enable Microsoft Update instead of the out-of-the-box Windows Update. To achieve that I am using a small script I named ZTIEnableMSUpdates.vbs which as you can guess will extend Windows Update to install other Microsoft products’ updates

The Script should be copied to the Scripts folder in the DeploymentShare. Script content:

Set ServiceManager = CreateObject(“Microsoft.Update.ServiceManager”)

ServiceManager.ClientApplicationID = “My App”

‘add the Microsoft Update Service by GUID

Set NewUpdateService = ServiceManager.AddService2(“7971f918-a847-4430-9279-4a52d1efe18d”,7,””)


After this step, I will use the built in Windows Update (Post-Application installation) step. It is recommended to perform a “Restart Copmuter” step before the second update phase.

This is how my MDT Task Sequence will look like:

Enable Microsoft Update

In order to perform updates from Microsoft Update online just ignore the steps of setting WSUSServer variable. When this variable is not set or empty, the update process will go directly online to Microsoft Catalog (require internet connection).

If you are having troubles with the update process which is hanged on Searching Updates please read the following post:

Ori Husyt

System Center Cloud and DataCenter Management MVP

U-BTech Solutions

הוסף תגובה
facebook linkedin twitter email

Leave a Reply

Your email address will not be published. Required fields are marked *