Force Windows Update once image loaded

  • I’m new to FOG and imaging in general so be easy on this newb. Is there a way to specify that certain scripts should run post-image? I.e. Windows Update, installation .exe’s, packages etc.

    On a side note, can we specify user account information (name/password) and complete the entire process in a zero-touch way?

  • Windows updates event can be triggered with:

    wuauclt.exe /detectnow
  • Moderator

    @Quazz said in Force Windows Update once image loaded:

    @george1421 Wouldn’t it be better to let WSUS take care of the rebooting, since it sometimes needs to reboot in before it can install other updates?

    IMO The best choice is to use WSUS for windows updates.

    If you can’t use WSUS for some reason then an opensource group (similar to the FOG Project) created a utility called “WSUS Offline” that will download updates from M$ and cache them in a directory for you. Then you can run a second cmd file to install the software on the target computers. It is a pretty nice tool. I use it as a source for slipstreaming windows updates into the master windows wim file.

    But you are right too, some updates can only be applied before you must reboot the computer for the next round to be installed. We rebuild our master image once a quarter with the latest updates then post deployment there are only a few updates that is needed to be pushed out by wsus.

  • Moderator

    @george1421 Wouldn’t it be better to let WSUS take care of the rebooting, since it sometimes needs to reboot in before it can install other updates?

  • Moderator

    @ABane OK now that I had my first cup of coffee I can see where I misunderstood.

    In your case, I would use the wsus server if you have it.

    If you don’t have it you can use wsus off-line and the first run section of your unattend.xml file. You will have to configure your unattend.xml file to log in as a workstation administrator ( 1 ) time to run the first run commands. But then you can connect to the remote share where wsus offline is stored and run the cmd file. Once wsus offline completes then issue a shutdown.exe -r -t 10 to reboot the computer and it will be fully updated.

  • Excellent. Thanks for the replies @george1421 and @x23piracy. You are correct in that I am wanting the system to run the updates after the image is loaded to make sure that it is up to date rather than relying on my images being up to date.

  • Moderator

    @x23piracy If that is the case, then the OP should setup a WSUS server then windows updates will be deployed automatically.

    There is another option is to use a tool called wsus offline. WSUS Offline can be run from a command prompt against a network share. The OP would refresh the repository once a month and then deploy a FOG snapin that would call the wsus offline installer to update the windows updates on the target computers.

  • @george1421 Hi,

    i think what he ment was howto immediatelly bring a windows workstation to the state to search for updates and install them as fast as possible. Afai can think he don’t want to reimage each month to have always an up to date image…maybe?!

    Regards X23

  • Moderator

    I can say in my environment I use Microsoft MDT to create my reference image using the lite touch method. Then I sysprep the image, capture with FOG, and then deploy from FOG. With FOG deployment once I start the deployment I don’t touch the workstation until the install is done and its ready to move to the user’s work site. This system is fully configured with all applications and settings. It took me about 2 weeks to perfect this process using a combination of Microsoft and FOG technology to complete.

  • Moderator

    Typically you would install windows updates, .exes, packages, etc in your reference image before you captured it into FOG. But there are ways to do this post image install too. If you sysprep your reference image there is a windows batch file you can create called setupcomplete.cmd where you can call scripts. This batch file is executed after oobe is complete and just before the login window appears for the first time. This is a function of windows and not FOG.

    There is also a second place where you can place commands to execute. If you again sysprep your reference image and use an unattend.xml file you can tell windows to log in as an administrator and execute a first run section of your unattend.xml file.

    There is a third way to install applications (the FOG way), is to create snapins which are software packages that are called and installed post imaging from FOG. These snapins deliver the install packages to the target computers and then call the application silent installers to install the applications.