Hi, this has been asked in various formats on different sites but hoping trusty IT Ninja can help me.

WSUS is fine for patching PC's that have been live for ages but not so great for patching PC's that have just been built (I patch monthly). I've come to accept using WSUS to instantly patch a computer is not possible (without a great deal of effort, moving computer OU's etc).

So, next best option is to update the WIM image with all the currently approved updates. Easy right? Unfortunately no. To be clear, updating the offline WIM image is easy, obtaining the updates is not.

If you go to the Windows Update catalog, that's a lot of fun downloading updates one by one after searching, also one by one. Re-capturing the WIM image by way of sysprep etc on a monthly basis is also out of the question, for many reasons not least of all the remaining re-arm count :)

So that leaves somehow downloading updates in msu format but only downloading updates which I've already approved in WSUS or extracting updates from WSUS directly, but again msu format is required as you can only inject updates into a WIM using DISM if they are in .msu format.

So, obtaining updates...go! :-)



0 Comments   [ + ] Show Comments


Please log in to comment



I keep a master image that has never been sysprep'd so the rearm count remains 0.  I have a second hdd in my master system.  I use windows image backup and restore on my master so it never gets sysprep'd till I want to capture it for depolyment.  This master is in the domain so when I restore it, it reports in to sus and gets its updates.

It always creates a dir structure name WindowsImageBackup, I rename the old one so I can have archive copies and also can do many masters from the same machine.

my second drive has directories like






Answered 01/21/2014 by: SMal.tmcc
Red Belt

  • I just rename old one I need back to windowsimagebackup and when you boot with the dvd and go into "repair" - "restore your computer ..." it finds the one I want and restores it
Please log in to comment


Here's a KKE recording that specifically addresses keeping your system deployments up-to-date on patches:


The solutions covered include both injecting patches to Scripted Installs, and patching newly imaged machines, in a completely automated manner (hands-off).  Really.

Ron Colson

KACE Koach

Answered 01/22/2014 by: ronco
Second Degree Brown Belt

Please log in to comment
Answer this question or Comment on this question for clarity