Getting Microsoft Deployment Toolkit 2008 to install updates from WSUS

Microsoft Deployment Toolkit contains a script named ZTIWindowsUpdate.wsf that can be enabled to run during Lite Touch OS deployments.  By default, it will talk to the Microsoft Update site on the internet to get the latest updates needed for your Windows OS and Microsoft applications like Office.  But you might not want all of the machines you deploy doing that.  So with MDT 2008, we added the ability to install updates from a WSUS server.  The "Toolkit Reference" document describes the basic process:

MDT 2008 can also configure WUA to collect updates from computers on the corporate network that are running WSUS instead of connecting to Microsoft Updates over the Internet. MDT 2008 can optionally configure WUA to use a specific computer running WSUS using the WSUSServer property.

But the actual description of the WSUSServer property, and a sample of how to set it, was accidentally left out of the documentation.  This needs to be configured via CustomSettings.ini by adding an entry that looks like this:

WSUSServer=https://mywsusservername

With that set, the ZTIWindowsUpdate.wsf script will automatically configure the Windows Update Agent to talk to this WSUS server instead of using Microsoft Update.
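A check that can be run against CustomSettings.ini before a deployment, added here as an example (it is not part of the original post or of MDT). It confirms that WSUSServer sits in a section the rules will actually read and that its value is a usable URL. It assumes properties are only read from sections named literally on the Priority line of [Settings]; the function name check_wsus_setting and the host wsus.example.test are made up for the example.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample inputs (not taken from a real deployment share).
GOOD = "[Settings]\nPriority=Default\n\n[Default]\nWSUSServer=https://mywsusservername\n"
MISPLACED = "[Settings]\nPriority=Default\nWSUSServer=http://wsus.example.test\n"


def check_wsus_setting(ini_text):
    """Return a list of findings about WSUSServer in CustomSettings.ini text."""
    cp = configparser.ConfigParser(
        interpolation=None,            # values like %SerialNumber% are MDT variables
        strict=False,                  # tolerate repeated keys
        allow_no_value=True,
        default_section="__unused__",  # stop a literal [DEFAULT] leaking into all sections
    )
    cp.read_string(ini_text)

    # Assumption: only sections named literally in Priority are processed.
    raw = cp.get("Settings", "Priority", fallback="") or ""
    priority = [p.strip().lower() for p in raw.split(",") if p.strip()]

    findings = []
    hits = [s for s in cp.sections() if cp.has_option(s, "WSUSServer")]
    if not hits:
        findings.append("WSUSServer is not set; Microsoft Update will be used")
    for section in hits:
        if section.lower() not in priority:
            findings.append(f"[{section}] is not named in Priority; WSUSServer there is ignored")
        value = (cp.get(section, "WSUSServer") or "").strip()
        url = urlsplit(value)
        scheme = url.scheme.lower()
        if scheme not in ("http", "https") or not url.hostname:
            findings.append(f"[{section}] WSUSServer={value!r} is not an http(s) URL")
        elif scheme == "http":
            findings.append(f"[{section}] WSUSServer uses plain http; no TLS to the WSUS server")
    return findings


if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("MISPLACED", MISPLACED)):
        print(name, check_wsus_setting(text) or "ok")
```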

One other note: the new OS being deployed to the machine must be running a supported version of the Windows Update Agent (WUA).  Windows XP and Windows Server 2003 don't contain that needed version, so they need to be upgraded.  This will be done automatically by the script, downloading the files from the internet if necessary.  But it would be more efficient for you to download them in advance and place them where the script can find them.  Again from the documentation:

For additional information and for WUA deployment instructions, go to https://technet.microsoft.com/en-us/library/bb932139.aspx.

You can obtain the latest version of the WUA stand-alone installer for:

Windows Vista and Windows Server 2008 include the most recent version of WUA, so no upgrade is necessary for these operating systems. In Windows XP and Windows Server 2003, one of the following will occur:

  • If the WUA 3.0 stand-alone installer files are in the TOOLS\architecture folder (where architecture is either x86 or x64) on the deployment point, MDT 2008 will automatically install WUA on the target computer.

    When downloading the WUA 3.0 stand-alone installer files, save them in the distribution\TOOLS\architecture folder (where distribution is the folder where the distribution point is created).

  • If the WUA 3.0 stand-alone installer files are not in the TOOLS\architecture folder on the deployment point and if the existing version of WUA is configured for a WSUS server, then WUA will attempt to update itself from a WSUS server. If the existing version of WUA is not configured for a WSUS server, then MDT 2008 will attempt to download and install WUA 3.0 from the Microsoft Update site. In this case, Internet access is required for the target computer.

So if you set WSUSServer and download the updated stand-alone installers, then the ZTIWindowsUpdate.wsf script will be able to update your computer without accessing the internet to do so.

Comments

  • Anonymous
    January 01, 2003
    I suppose it could, but the built-in ConfigMgr install updates pretty much does the same thing already (with ConfigMgr managing and controlling the WSUS server). -Michael

  • Anonymous
    January 01, 2003
    That should do it.  Can you e-mail me the BDD.LOG from a deployment to see what it did?  (Make sure you really are running MDT 2008 Update 1 or later.) -Michael

  • Anonymous
    January 01, 2003
    Michael, When it connects to WSUS, does it only install the required updates, or does it try to install everything, including updates already installed?

  • Anonymous
    January 01, 2003
    But in case of the configmgr install updates, you need to enable and configure Software Updates in SCCM and create software update packages etc?

  • Anonymous
    January 01, 2003
    Michael Niehaus tells us how... http://blogs.technet.com/mniehaus/archive/2008/05/02/getting-microsoft

  • Anonymous
    January 01, 2003
    I am having a heck of a time figuring out why the WUA will not automatically install from my deployment point. The BDD log states the agent is about to install, gives the correct share name and platform exe. Then just sits tight there, not actually installing. As a test, I connected to the share name and manually installed the agent, restarted and it picked right up. Any ideas?

  • Anonymous
    January 01, 2003
    Ok...question, I'm trying to enable WSUS updates to be installed via MDT deployment.  I enable it in the task sequence, and make sure I've updated my customsettings.ini file with the following [Settings] Priority=Default WSUSServer=http://myservername_omitedforsecurity but when it runs, it pulls from the internet.  Upon investigating, I notice it's because it's not adding the registry entries to make it pull from my WSUS Server so, is there anything else I have to do, after I edit my customsettings.ini file and then update the WinPE boot image?  Anything else I need to do?  Any help would be great!  Thanks

  • Anonymous
    January 01, 2003
    Yes, that would be needed.

  • Anonymous
    January 01, 2003
    Could this MDT feature to install all approved updates directly via WSUS (which is a very nice feature!!) also be used in SCCM OSD task sequences(so without Software Updates configured on the SCCM server)?