If youre using MDT you can easlily block updates int eh customsettings.ini file
WUMU_ExcludeKB001=XXXXXXX WUMU_ExcludeKB002=YYYYYYY WUMU_ExcludeKB003=ZZZZZZZ From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: Monday, April 28, 2014 10:44 AM To: [email protected] Subject: Re: [mssms] ConfigMgr TS and Multi-Reboot Updates That only works if you have a seperate wsus instance for your image builds, otherwise you’d be excluding your production systems from the same patches. I’ve switched to no OS patching in my base wim’s, and leverage ConfigMgr to offline inject them. Sent from Windows Mail From: Stuart Watret <mailto:[email protected]> Sent: Monday, April 28, 2014 10:41 AM To: [email protected] I got that bit, what I meant was, if you know these updates configure them so they are not available in WSUS. It's also a perfectly reasonable proposition and quite commen to create a new sub wsus server, just for builds, with a tight policy (to avoid these particular updates); then once built and after a change in OU and a new GPO they can chat to the main WSUS box and get those updates post-build. That said, I don't have any of those multiple restart issues and I'm using a similar method. Do you automatically approve the classification "Update Rollups"? It could be that, we only approve certain Update Rollups on account they can be the spawn of the devil. Stuart Watret Offshore - IT Ltd _____ From: [email protected] <[email protected]> on behalf of [email protected] <[email protected]> Sent: 28 April 2014 15:03 To: [email protected] Subject: Re: [mssms] ConfigMgr TS and Multi-Reboot Updates The issue is as follows, if your build can connect to a wsus server during the process, certain updates that require (forcE) multiple reboots will apply. This can outright break the task sequence process. Sent from Windows Mail From: Stuart Watret <mailto:[email protected]> Sent: Sunday, April 27, 2014 3:12 PM To: [email protected] Don’t understand why this is an issue. I use the same method, mdt script for updates in sccm TS’s. The policy of the WSUS server will dictate what it gets – check what you have enabled. Also, unless you specify a specific unattend file if you review the windowsupdate log post build you will see the client trying to go to MS for updates; our clients can’t, but it was adding 5 mins to the build while it timed out. If your clients can, then that may explain all the chuff…………… From: [email protected] [mailto:[email protected]] On Behalf Of Mark Gailey Sent: 26 April 2014 20:42 To: [email protected] Subject: Re: [mssms] ConfigMgr TS and Multi-Reboot Updates Ltisuspend - pause the TS and apply the updates and then resume. Do a search for pausing task sequences with MDT. On Apr 25, 2014, at 9:45 AM, Daniel Ratliff <[email protected]> wrote: There is probably a better way but if you are using the MDT .wsf and cannot filter certain updates, I think there is a reg key somewhere that allows you to specify updates not to install? I want to say I have seen it before with IE10/IE11? Daniel Ratliff From: [email protected] [mailto:[email protected]] On Behalf Of Jeff Poling Sent: Friday, April 25, 2014 12:24 PM To: [email protected] Subject: [mssms] ConfigMgr TS and Multi-Reboot Updates I am struggling to deal with the issue of Windows Updates that require multiple reboots killing task sequences. In my current environment, software updates are not yet integrated into ConfigMgr. Updates are installed using the MDT windowsupdate.wsf script and a TS variable that points to the local WSUS server. In a build and capture scenario, what is the best way to work around this issue? Any thoughts or insight is greatly appreciated! Thanks, Jeff The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information.
