In this tutorial, I’ll explain how to enable Windows updates to a WSUS server when deploying an image with MDT.
Enable updates
Open the properties of an installation sequence, go to the Task Sequence 1 tab and activate one of the two update patches 2 by unchecking the Disable this step 3> box. > and click on the Apply 4 and OK 5 buttons.
Open the properties of the Deployment Share, go to the Rules 1 tab, in the Default section add the parameter WSUSServer 2 and click on Apply 3 and OK 4 .
At the next deployment the updates will be installed.
Set up client-side targeting
If client-side targeting is enabled on your WSUS server, there are small additional changes that must be made to perform updates when deploying with MDT.
Go into the properties of the task sequence and add a new task. Click on Add 1 / General 2 / Set Task Variable Sequence 3 .
Edit the new task, enter a name 1 , in the field Task Sequence Variable put WSUSGroup 2 , in the field Value indicate the name of the group WSUS 3 and click Apply 4 then OK 5 .
It is now necessary to modify the ZTIWindowsUpdate.wsf file located in the Scripts folder of the Deployment Share folder.
Search:
oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUServer", oEnvironment.Item("WsusServer"), "REG_SZ"
oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUStatusServer", oEnvironment.Item("WsusServer"), "REG_SZ"
Add :
If oEnvironment.Item("WSUSGroup") <> "" then
oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroup", oEnvironment.Item("WSUSGroup"), "REG_SZ"
oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroupEnabled", 00000001, "REG_DWORD"
End if