Windows 7 enterprise + security updates how to make this easier

[adriansweden]

Hi folks, I have sccm2007 , No WSUS no MDT .

 

When we deploy machines everthing works fine , but the security updates are driving me nuts.

When the machine gets deployed and it promtps to ctrl + alt + delet login, we log in on each machine and run updates manually over internet, the updates mostly are .net framework security, lync security se this print screen about the updates http://s11.postimage.org/8o94yk4wz/winupdate.png .

 

My question when we log on machine and run manually 50 criticial updates, there is a reboot, then we have to log in again, run updates and there are 3 critical updates then reboot, then there are 7 critical updates and reboot . How to make this easier so we don't have to log on each machine and reboot 3 times, we deploy around 100-200 machines/week . how to make this easier how to get those critical updates and no need to log on each machine 3 times .

 

have a funny day

 

[Jorgen Nilsson]

Hi,

If you deploy around 100-200 Machines each week I would consider installing a WSUS server to mange them, How do you manage updates after the deployment, from Microsoft Update?

You can use the install software updates script from MDT and use it standalone i SCCM 2007 and deploy the updates from internet directly.

Check out this post by Chris Nackers on the topic:http://www.chrisnackers.com/2011/04/28/using-ztiwindowsupdate-wsf-to-install-updates-in-a-system-center-configuration-manager-task-sequence/

Regards,
Jörgen

[adriansweden]

Hello, yes after the deployment is finished, we log on manually on machines and cotrol panel search windows updates?

there are 50 security updates first then reboot then, 3 updates then reboot then 7 updates then reboot .

 

Iam following your link tutorial but it loooks advanced stuff to me

 

In order to use the ztiwindowsupdate.wsf script, we also need to have ZTIUtility.vbs available to the script. So first, lets create a package called “ZTIWindowsUpdate” that contains the ztiwindowsupdate.wsf and ztiutility.vbs script.

 

Iam lost allready here , how to create those packages ?

[Rocket Man]

If you are not implementing WSUS then why do you not install these updates in you master image before you capture it and redeploy, would make alot of sense to do this initially considering your infrastructure and it would only require you to do it the once also, instead of every instance of the thin image!!

The sysprep may wipe some updates but not a whole big pile, if any!

[Oneone]

I would say , do a new build and capture and include all new updates for the image.

 

Then get the WSUS role and SUP on the SCCM server, this will make your life alot easyer

 

OR if you have CM 2012 in maybe a lab enviorment you could copy the windows 7 WIM file to that server and run Offline Servicing, ofc you would need WSUS and a SUP to do that but like i said before, and others to gogo wsus it never to late

to learn.

[adriansweden]

If you are not implementing WSUS then why do you not install these updates in you master image before you capture it and redeploy, would make alot of sense to do this initially considering your infrastructure and it would only require you to do it the once also, instead of every instance of the thin image!!

The sysprep may wipe some updates but not a whole big pile, if any!

RocketMan : I can not install those updates on the image, the updates are .net framework security updates, lync updates,forefront security updates, office security updates, I can not add them on .wim ?

[Rocket Man]

Well I know what i'd be doing if I had no WSUS:

1: Implement WSUS

OR

2: Install .net framework, Office, Lync on the master image before capture and do updates also before capture.

 

Considering you have 100-200 machines to do weekly, I think option 2 is better, can be quite slow sometimes for clients(100-200 p/w) to do all updates via SCCM/WSUS, but I would still consider implementing it anyway so that these machines that you image on a weekly basis continue to get updates the configMgr way!

 

 

OR if you have CM 2012 in maybe a lab enviorment you could copy the windows 7 WIM file to that server and run Offline Servicing

 

And as OneOne mentioned you could be continuously servicing your wim image weekly offline and redeploying the most up to date image possible every

week!!

http://www.windows-noob.com/forums/index.php?/topic/4683-using-sccm-2012-rc-in-a-lab-part-12-updating-an-operating-system-image-using-offline-servicing/

[adriansweden]

Well I know what i'd be doing if I had no WSUS:

1: Implement WSUS

OR

2: Install .net framework, Office, Lync on the master image before capture and do updates also before capture.

 

Considering you have 100-200 machines to do weekly, I think option 2 is better, can be quite slow sometimes for clients(100-200 p/w) to do all updates via SCCM/WSUS, but I would still consider implementing it anyway so that these machines that you image on a weekly basis continue to get updates the configMgr way!

 

 

And as OneOne mentioned you could be continuously servicing your wim image weekly offline and redeploying the most up to date image possible every

week!!

http://www.windows-noob.com/forums/index.php?/topic/4683-using-sccm-2012-rc-in-a-lab-part-12-updating-an-operating-system-image-using-offline-servicing/

 

 

I can not install .net framework security updates on master image IT DOES NOT WORK

[willisj318]

I can not install .net framework security updates on master image IT DOES NOT WORK

Of course it does. When creating a master image, make sure your .net flavors are installed, run windows update, it updates. Capture image.