To follow up on my last post on building images with Configuration Manager 2012 I thought I would cover the scenario where you need to pull the updates from either WSUS or Windows Update instead of using Configuration Manager for installing the updates.
Chris Nackers wrote a great post on how to run ZTIWindowsUpdate.wsf from MDT standalone in Configuration Manager to install updates from a WSUS server. http://myitforum.com/cs2/blogs/cnackers/archive/2011/04/28/using-ztiwindowsupdate-wsf-to-install-updates-in-a-system-center-configuration-manager-task-sequence.aspx
The same script can be used to install updates from Windows Update following the guide above, when doing that here are some good tips.
1. Exclude updates
When excluding updates when the script is used in MDT, the excluded updates are configured in Customsettings.ini file, when using the script in Configuration Manager 2012 you can set them as variables in the Task Sequence instead.
Each exclusion needs a new variable and the value can be either the ArticleID or the KB number. Below is an example on how to block the browser choice, which is a big pain in the European Union, note that the KB should be written with the KB number only.
Bing Bar version 7.2 : KB2673774
Browser Choice: KB976002
Internet Explorer 10: KB2718695
2. Use a Proxy server
In some scenarios you need to use a proxy to be able to use Windows Update during the task sequence, when the script is run when using MDT this script can be used: http://blogs.technet.com/b/deploymentguys/archive/2010/11/30/using-the-mdt-windows-update-tasks-in-image-engineering.aspx however when you use Configuration Manager there is no logged on user we need to use Netsh Winhttp Set Proxy
Before running the ZTIWindowsUpdate.wsf step it would look like below.
3. Windows 7 sp1 Hotfixes: Don’t forget to include the Windows 7 sp1 Enterprise Hotfix Rollup in your image:http://support.microsoft.com/kb/2775511 and the Management Framework 3.0 which includes support for Powershell 3.0 http://support.microsoft.com/kb/2506143 in your image. I normally install more hotfixes as well.
4. Copy CMtrace to all computers: I always copy Cmtrace to C:\windows during the build of my images as I always end up missing it otherwise.
Happy image building!