MDT 2010 question

[gotenks98]

Anyone here use the apply patches as part of their task sequence? I wanted to know just how do you know which updates can and can not be used for this. I am having all kinds of hell keeping this straight because the installs always error out due to some update not working. So rather than testing every single update, is there a way to know ahead of time if this update will or will not work?

[cluberti]

Are you using the packages node? Or are you using a WSUS server and enabling the Windows Update steps?

[gotenks98]

Are you using the packages node? Or are you using a WSUS server and enabling the Windows Update steps?

Not sure what you mean, but here is what I am doing. I am creating a base install and updating it, writing down all th kb's and manually downloadinging all of them. I put all the x64 updates into a packages folder in mdt. When installing I have the apply patches part of my task sequence to run so I can patch in those updates on my other images. The problem is it usually fails on some update by saying it cant do some kind of offline servicing. Usually its when I find out a certain update cant be installed this way or even integrated into a wim file. I just need a way of knowing this ahead of time so I dont waste hours reading thru tons of setup logs to find where the problem is. I am currently testing this in a virtual machine to make it easier to check the logs by mounting the vhd file. The other images that are being used are untouched wim file from windows 7 sp1 retail disc.

[cluberti]

Yes, you're using the Packages node. While that should work, you have to be very careful about which updates go in there. The patches are applied offline via dism during setup (staged), and then are actually applied as the OS comes up after setup. This is, to put it kindly, fraught with danger. You would be much better off standing up a WSUS server and pointing the client at that via the wsusserver parameter in customsettings.ini (and enabling the Windows Update steps in the TS). Staging updates is much harder than letting wusa.exe handle these in an online, running OS (and allowing WU to do the logic on which updates need to be installed, and in what order).

[gotenks98]

The thing is I can not setup a server to do all this from. Here is my situation. We do a ton of support for students at my university. I have been trying to come up with a way to reinstall retail/oem versions of vista/7 quickly with them being patched and to cut down the crazy driver hunt we have to do with each reinstall. Since I cant use a server doing an install from usb with MDT seemed like a good option on doing this. I tried integrating updates and drivers into the install media but that ends up with 20+gb worth of drivers eating up space. So driver injection via mdt for only the specific hardware seems to be the easiest non-bloated approach.

[cluberti]

Yes, driver bloat happens if you're supporting a ton of different hardware. As to package install, if you *must* use the packages node, you're going to have to do some trial and error (and cbs/panther/setupapi log review) to figure out which patches you can install offline, and which ones are going to need to go into an application bundle and be installed via wusa.exe from the task sequence (or manually, although that sort of defeats the point).