MDT: Install updates with WSUS


In this tutorial, I’ll explain how to enable Windows updates to a WSUS server when deploying an image with MDT.

Enable updates

Open the properties of an installation sequence, go to the Task Sequence 1 tab and activate one of the two update patches 2 by unchecking the Disable this step 3> box. > and click on the Apply 4 and OK 5 buttons.
Enable update task

Open the properties of the Deployment Share, go to the Rules 1 tab, in the Default section add the parameter WSUSServer 2 and click on Apply 3 and OK 4 .
WSUSServer parameter

At the next deployment the updates will be installed.
Installing updates during deployment

Set up client-side targeting

If client-side targeting is enabled on your WSUS server, there are small additional changes that must be made to perform updates when deploying with MDT.

Go into the properties of the task sequence and add a new task. Click on Add 1 / General 2 / Set Task Variable Sequence 3 .
Add task

Edit the new task, enter a name 1 , in the field Task Sequence Variable put WSUSGroup 2 , in the field Value indicate the name of the group WSUS 3 and click Apply 4 then OK 5 .
Edit task

It is now necessary to modify the ZTIWindowsUpdate.wsf file located in the Scripts folder of the Deployment Share folder.

Rechercher :

oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUServer", oEnvironment.Item("WsusServer"), "REG_SZ"
oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\WUStatusServer", oEnvironment.Item("WsusServer"), "REG_SZ"

Ajouter après :

If oEnvironment.Item("WSUSGroup") <> "" then
	oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroup", oEnvironment.Item("WSUSGroup"), "REG_SZ"
	oShell.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\TargetGroupEnabled", 00000001, "REG_DWORD"
End if


How useful was this post?

Click on a star to rate it!

Average rating 5 / 5. Vote count: 1

We are sorry that this post was not useful for you!

Let us improve this post!

Related Posts

WSUS: automatic approval of updates
Introduction In this tutorial, we will see how to automatically approve definition updates on WSUS. Definition updates are available almost daily, automatic approval avoids doing so. Approve updates automatically 1. Go to the WSUS console in Options

WSUS: Set up client-side targeting
Presentation The client-side targeting on WSUS, when enabled, allows you to directly assign to a group declare in the console. This declaration is not done GPO or by modifying the register of the customer workstation. %start_p_primary%Once activated,

MDT: enable monitoring
Presentation In MDT, it is possible to activate the monitoring, which makes it possible to follow the deployment of the stations and to have a progress report from the console. The state of the deployments is kept for 3 days. Activation of the monito

Leave a Comment