
WSUS Offline Update Tool Integration with MDT


April 3, 2020

In this article, we will look at an example of integrating security updates from the WSUS Offline Update tool into a Windows 10 installation task over a network using the Microsoft Deployment Toolkit (MDT). This lets you configure the automatic deployment of a fully patched Windows 10 image. There are other ways to install Windows updates or integrate them into a system image, for example, directly into the WIM file of a system image or using the built-in MDT tool. In this article, we will consider WSUS Offline Updater, a fairly convenient and functional tool, and its ability to integrate with MDT.

What Is WSUS Offline Updater and How to Download This Tool

First of all, we need to download the latest version of WSUS Offline Update tool (https://download.wsusoffline.net/).

WSUS Offline Updater is a free utility designed to automatically retrieve all security updates for a specific Microsoft product from the Microsoft Update website or a local WSUS server. Updates are saved in a local folder, and the administrator can then install these updates offline on isolated computers without connecting them to the Internet or the local network. The utility allows you to download updates for all supported versions of Windows (Vista, 7, 8, 10 / Windows Server 2008, 2008 R2, 2012, 2012 R2), Office 2010, 2013 and 2016, .NET Frameworks, C++ Runtime libraries, Windows Defender database updates, Microsoft Security Essentials, etc.

Download and unzip the contents of the wsusoffline107.zip archive to any directory. In my case, this is C:\Distr\wsusoffline.

Run the UpdateGenerator.exe executable file (WSUS Offline Update Tool Generator).

Select the version of Windows for which you want to receive a list of required security updates. For example, for Windows 10, select the required bit depth (x64 Global (multilingual updates)) in the Windows 10/Server 2016 (w100 / w100-x64) section and click Start.

The utility will receive a list of available updates and start downloading files that have not yet been received. This means that the program can be run periodically to download only the latest missing updates without having to re-download all the packages again. Depending on the speed of Internet access, downloading all product updates may take quite a while.


Notes:

  • In the program settings, you can specify whether updates are downloaded from the Internet (Microsoft Update site) or from the local WSUS server.
  • When connecting to the Internet through a proxy, the proxy server settings can be set by clicking the Proxy button.

All downloaded updates are saved in the Client directory.


To install updates on the client, the program with the graphical interface, UpdateInstaller.exe, is normally used. In our case, a GUI is not required, because updates should be installed automatically without user interaction. It is therefore better to use the script file Update.cmd (which, in turn, runs the script \cmd\DoUpdate.cmd). MDT should run the update.cmd file when deploying Windows 10 on the client.

  • The latest version of the Windows Update Agent is stored in the WSUS directory
  • The w100-x64\glb directory contains the Windows 10 update files themselves, in *.cab format

Integration of WSUS Offline Updater with MDT

After all the updates have been downloaded to the local drive, close the WSUS Offline Updater window and copy the contents of the Client folder to your MDT server. I placed it in the C:\DeploymentShare\Scripts folder.
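Everything in this folder will later run with administrative rights on each machine you deploy, so it is worth confirming that the staged copy is intact before the task sequence uses it. The following PowerShell script is an added example, not part of the original article or of WSUS Offline Update. It compares SHA-256 hashes of the downloaded and staged trees and checks that the *.cab packages under w100-x64\glb carry a valid Microsoft Authenticode signature. The staged path C:\DeploymentShare\Scripts\client is an assumption based on the UNC path used later in this article.

```powershell
# Added example: verify the staged WSUS Offline "client" folder before MDT uses it.
param(
    [string]$Source = 'C:\Distr\wsusoffline\client',        # download location from this article
    [string]$Staged = 'C:\DeploymentShare\Scripts\client'   # assumed staging path on the share
)

# Build a table of relative path -> SHA-256 for every file under $Root.
function Get-RelativeHashTable([string]$Root) {
    $rootPath = (Resolve-Path -LiteralPath $Root).Path.TrimEnd('\')
    $table = @{}
    Get-ChildItem -LiteralPath $rootPath -Recurse -File | ForEach-Object {
        $rel = $_.FullName.Substring($rootPath.Length + 1)
        $table[$rel] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
    return $table
}

$src = Get-RelativeHashTable $Source
$dst = Get-RelativeHashTable $Staged
$problems = @()

# 1. The staged copy must match the download exactly: nothing missing, changed or added.
foreach ($rel in $src.Keys) {
    if (-not $dst.ContainsKey($rel))   { $problems += "MISSING   $rel" }
    elseif ($dst[$rel] -ne $src[$rel]) { $problems += "MODIFIED  $rel" }
}
foreach ($rel in $dst.Keys) {
    if (-not $src.ContainsKey($rel))   { $problems += "EXTRA     $rel" }
}

# 2. Windows update packages must be validly signed by Microsoft.
$glb = Join-Path $Staged 'w100-x64\glb'
Get-ChildItem -LiteralPath $glb -Recurse -File |
    Where-Object { $_.Extension -eq '.cab' } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        if ($sig.Status -ne 'Valid' -or $signer -notlike '*O=Microsoft Corporation*') {
            $problems += "BAD-SIG   $($_.Name) ($($sig.Status))"
        }
    }

if ($problems.Count -gt 0) {
    $problems | Sort-Object | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output "Staged client folder matches the download; all update packages are Microsoft-signed."
```

Run it on the MDT server after each copy and before updating the deployment share; a non-zero exit code means the staged folder should not be used as is.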

Now you need to add the task of starting the update installation to the Windows 10 installation task.

Open the Deployment Workbench (MDT) console, and in the Task Sequences section, find the desired task to which you want to add the update installation step. In our example, this is Deploy Win 10 x64 Pro. Open its properties and go to the Task Sequence tab.


Create a new MDT task that mounts the network folder with updates (Client) to a separate drive (the update.cmd file does not work with UNC paths) and runs the update.cmd file to start installing updates.

In the task group State Restore -> Custom Task, create two new tasks:

  • The first mounts a network drive with the Client directory from the UNC path.
  • The second runs the update.cmd script.

Create a new task (Add -> General -> Run Command Line) named Mount Network Folder.

In the Command line field, enter the following command:

cscript.exe "%SCRIPTROOT%\ZTIConnect.wsf" /uncpath:\\10.10.0.70\DeploymentShare\Scripts\client


Tip. The ZTIConnect script mounts the network directory to a drive with the letter Y:

The second task, named Install Windows Updates Offline, should contain the following startup line:

Cmd.exe /c "Y:\DeploymentShare\Scripts\client\update.cmd"

Update the distribution directory by right-clicking the root of the MDT share and selecting “Update Deployment Share”.

Installing Updates When Deploying a Windows 10 PC over a Network

You can test the operation of the Windows 10 deployment task on the client (it can be a virtual or physical machine). Turn on the test machine and start the network boot using PXE.

Select the desired Task Sequence and wait until the installation of Windows 10 is completed. After the installation is complete, a window with the heading “Administrator DoUpdate” should appear, in which the process of installing Windows security updates will be displayed.


Wait for the installation to complete and restart the computer.

So, we have configured the automatic installation of Windows security updates during the deployment of Windows 10 on clients using the Microsoft Deployment Toolkit and WSUS Offline Updater.
