When we move workloads to Intune in our Co-Management scenarios we lose some features we have been using and need to go back to basic. In this short post we will install updates during OSD using the PSWindowsUpdate module which is great. When we moved the Windows Update workload and uninstalled WSUS we need another way of installing updates. I did a lot of testing and excluding drivers and all updates with “preview” in the title works really well.
Start by saving the PSWindowsUpdate module to a temp directory on a computer, we download it so we can add it to our CM Package we us to install updates.
Save-module PsWindowsUpdate -Path C:\Module
That will create the following folder with the module inside
Then we save the script below in the same folder. The script will do the following:
- Copy the PSWindowsUpdate module to the local computer
- Read the TS variable for the location of the SMSTS.log folder
- Install updates from Windows Update excluding Drivers category and updates with “Preview” in the title.
- Log the progress to a log file in the CCM\Logs folder
# Script to install updates from Microsoft Update during OSD
# Jorgen@ccmexec.com
# Copy PSWindowsUpdate module
$TargetPath = Join-Path -Path $env:ProgramFiles -ChildPath "WindowsPowerShell\Modules"
mkdir $TargetPath -Force -ErrorAction Stop | Out-Null
Copy-item -path $PSScriptRoot'\PSWindowsUpdate' -Destination $TargetPath -Recurse
# Get SMSTSLog folder
$tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment
$SMSTSLogfile = $tsenv.Value("_SMSTSLogPath")
$SMSTSLogfilepath = $SMSTSLogfile.Replace("\SMSTS.log", "")
# Install updates from Microsoft Update
Import-Module PSWindowsUpdate
Get-WindowsUpdate -AcceptAll -Install -NotCategory "Drivers" -NotTitle Preview -WindowsUpdate -IgnoreReboot | Out-File "$SMSTSLogfilepath\WindowsUpdate-$(get-date -f yyyy-MM-dd).log" -force
Our source folder now looks something like this and can be copied to our MEMCM Source folder share.
In Configuration Manager we create a Package with source files and distribute them to the relevant DP’s.
In our Task Sequence we add the following steps, note the Restart Computer steps, I had to add two restart computer steps to get all of my physical test machines to not break the task sequence engine with an unexpected reboot. Be sure to test that out!
A tip if you are piloting moving Windows Update for business, add a variable to the Co-Management Pilot collection. Then we can use that as a condition to run updates using this script or using Configuration Manager depending on the variable.
I will post more on Co-Management and prestaging a Co-Managed computer soon
Could you explain what the “TSBStatus04” step is?
That is a step to change the Background status displayed by TSBackground during OSD.
https://ccmexec.com/2019/06/tsbackground-for-configmgr/
Regards,
Jörgen
Does this solution also apply Feature Updates to Win10/Win11? I would want to suppress that if possible
Hi Jörgen,
I am trying to get your scritp to run during a very simple TS installing Windows 11.
DO you know of any problems with windows 11 and PSWindowsUpdate or the way teh scripts functions.
Anthony’s question is pertinent 😉
The reason I’m looking at this solution is that we currently deploy language packs during task sequence, using variables. We have around 20 languages in our environment so putting them in the image is a bit ridiculous.
The problem is that when you install a language pack, you must install a CU after it, or stuff breaks. Since we moved workload to WUFB/Intune, the Install Updates step broke.
Installing the cab file of the CU as a package also doens’t seem to work now (at least not with W11 22H2 from my testing).
So your solution looks like a life saver, many thanks. I will test and report back ;).
So have now tested this using W11 22H2 and W1021H2
I tried offline media and PXE
Everything worked very nicely, and now feature update was applied to the W10 21H2 device despite one being available.
Fixed my issues with installation of lang packs in TS for both W11 and W10.
Full marks 😉
“Everything worked very nicely, and now feature update was applied to the W10 21H2 device despite one being available.”
Should have read :
“Everything worked very nicely, and NO feature update was applied to the W10 21H2 device despite one being available.”
This is in reply to Anthony’s question above.