They are deployed as the OS boots for the first time so from a security perspective it is better than having a vulnerable system on the LAN while updates are deployed.
> On 29 Oct 2014, at 14:08, Bradley, Matt <[email protected]> wrote: > > When you say not all updates can be injected, do you mean things like Office > updates, or are there others that a person would miss? > > I also didn’t realize injecting the updates to the image didn’t actually > install them. If they are only the installed after an OSD, then I’m even > more inclined not to inject. I might image two PC’s as a test, one with the > patches already installed, one with them injected, and see which one builds > faster. > > From: [email protected] [mailto:[email protected]] > On Behalf Of Jason Sandys > Sent: Tuesday, October 28, 2014 10:06 AM > To: [email protected] > Subject: [mssms] RE: Patch/WIM Injection > > First, not all updates can be injected into a WIM so even if you do employ > image servicing, it is not sufficient to deploy a fully patched image. Thus, > you really should be capturing a new image periodically no matter what – if > you are using a build and capture task sequence (whether in MDT or ConfigMgr) > then this is a trivial task (beware of the double reboots in ConfigMgr though > L). > > Offline servicing in ConfigMgr has had issues (not really ConfigMgr’s fault > to my knowledge but that’s beside the point) and is why some/many people shy > away from using image servicing. Also note that image servicing doesn’t > actually install the updates. It merely injects them into the WIM for > installation during Windows Setup so it really doesn’t save you as much as > you think it does in terms of time or space. > > J > > From: [email protected] [mailto:[email protected]] > On Behalf Of Bradley, Matt > Sent: Tuesday, October 28, 2014 9:55 AM > To: [email protected] > Subject: [mssms] Patch/WIM Injection > > I’ve read that some people do not like injecting monthly patches directly > into the OS WIM. Some prefer to just capture reference images. Being that a > bad patch could be removed from a WIM if it was determined to be bad, I’d > like to hear some feedback on why some choose to still stay away from this > method, and stay with reference image capture. > > Thanks. > > >
