This Wednesday | 12 PM EDT / 4 PM CEST

Action1 5 How-to Articles 5 WSUS Offline Update Tool Integration with MDT

WSUS Offline Update Tool Integration with MDT

April 3, 2020

By Peter Barnett

In this article, we will look at an example of integrating security updates from WSUS Offline Update tool into a Windows 10 installation task over a network using the Microsoft Deployment Toolkit (MDT). Thus, you can configure the automatic deployment of a fully patched Windows 10 image. There are other ways to install Windows updates or integrate it into a system image, for example, directly into a WIM file of a system image or using the built-in MDT tool. In this article, we will consider WSUS Offline Updater, as a fairly convenient and functional tool, and its ability to integrate with MDT.

What Is WSUS Offline Updater and How to Download This Tool

First, we need to download the latest version of WSUS Offline Update tool (

WSUS Offline Updater is a free utility designed to automatically retrieve all security updates for a specific Microsoft product from the Microsoft Update website or local WSUS server. Updates are saved in a local folder and the administrator can then install these updates offline on isolated computers, without the need to connect them to the Internet or local network. The utility allows you to download updates for all supported versions of Windows (Vista, 7, 8,10 / Windows Server 2008, 2008 R2, 2012, 2012 R2), Office 2010, 2013 and 2016, .Net Frameworks, C ++ Runtime libraries, databases Windows Defender updates, Microsoft Security Essentials, etc.

Download and unzip the contents of the archive to any directory. In my case, this is C:\Distr\wsusoffline.

Run the UpdateGenerator.exe executable file (WSUS Offline Update Tool Generator)

Step 1 to use WSUS Offline Update tool is to Run the UpdateGenerator

Select the version of Windows for which you want to receive a list of required security updates. For example, for Windows 10, you need to select the required bit depth (x64 Global (multilingual updates)) in the Windows 10/Server 2016 (w100 / w100-x64) section and click Start.

Step 1 to use WSUS Offline Update tool is to Select the version of Windows

The utility will receive a list of available updates and start downloading files that have not yet been received. This means that the program can be run periodically to download only the latest missing updates without having to re-download all the packages again. Depending on the speed of Internet access, downloading all product updates may take quite a while.

Step 1 to use WSUS Offline Update tool is to start downloading update files


  • In the program settings, you can specify that updates are downloaded from the Internet (Microsoft Update site), and from the local WSUS server.
  • When connecting to the Internet through a proxy, the proxy server settings can be set by clicking the Proxy button.

All downloaded updates are saved in the Client directory.

Client directory with downloaded updates

To install updates on the client, the program with the graphical interface UpdateInstaller.exe is used. In our case, a GUI is not required, because updates should be installed automatically without user interaction. In this case, it is better to use the script file Update.cmd (it, in turn, runs the script \cmd\DoUpdate.cmd). Therefore, MDT should run the update.cmd file when deploying Windows 10 on the client.

  • The latest version of the Windows Update Agent is stored in the WSUS directory
  • The w100-x64\glb directory contains the update files for Windows 10 themselves in * .cab format
WSUS Offline Update tool. Update files directory

Integration of WSUS Offline Updater with MDT

After all the updates have been downloaded to the local drive, close the WSUS Offline Updater window and copy the contents of the Client folder to your north MDT. I placed it in the C:\DeploymentShare\Scripts folder.

Folder with updates

Now you need to add the task of starting the update installation to the Windows 10 installation task.

Open the Deployment Workbench (MDT) console, and in the Task Sequences section, find the desired task to which you want to add the update installation step. In our example, this is Deploy Win 10 x64 Pro. Open its properties and go to the Task Sequence tab.

Task Sequence tab

Create a new MDT task that mounts the network folder with updates (Client) to a separate drive (the update.cmd file does not work with UNC paths) and runs the update.cmd file to start installing updates.

In the task group State Restore Custom Task, after we create two new tasks:

  • Mounts a network drive with the Client directory on the UNC path
  • Runs the update.cmd script.

Create a new task (Add General Run Command Line) named Mount Network Folder

Mount Network Folder

In the line Command line indicate the following command:

cscript.exe “%SCRIPTROOT%\ZTIConnect.wsf” /uncpath:\\\DeploymentShare\Scripts\client

fill in command line field

Tip. The ZTIConnect script mounts the network directory to a drive with the letter Y:

The second task, named Installation Windows Updates Offline, should contain the following startup line:

Cmd.exe /c “Y:\DeploymentShare\Scripts\client\update.bat”

Install Windows Updates Offline task

Update the distribution directory by using right mouse click on the root of the MDT share and selecting “Update Deployment Share”.

Update Deployment Share

Installing Updates When Deploying a Windows 10 PC over a Network

You can test the operation of the Windows 10 deployment task on the client (it can be a virtual or physical machine). Turn on the test machine and start the network boot using PXE.

Select the desired Task Sequence and wait until the installation of Windows 10 is completed. After the installation is complete, a window with the heading “Administrator DoUpdate” should appear, in which the process of installing Windows security updates will be displayed.

process of installing Windows security updates
Wait for the installation to complete and restart the computer.

So, we have configured the automatic installation of Windows security updates during the deployment of Windows 10 on clients using the Microsoft Deployment Toolkit and WSUS Offline Updater.

Consider Using Action1 to Install Windows Updates if:

  • You need to perform an action on multiple computers simultaneously.
  • You have remote employees with computers not connected to your corporate network.

Action1 is a cloud-based platform for patch management, software deployment, remote access, IT asset inventory, and endpoint management.

See What You Can Do with Action1


Join our weekly LIVE demo “Patch Management That Just Works with Action1” to learn more

about Action1 features and use cases for your IT needs.


spiceworks logo
getapp logo review
software advice review
g2 review
spiceworks logo

Related Posts

No Results Found

The page you requested could not be found. Try refining your search, or use the navigation above to locate the post.