But what does that buy you over having an apply software updates step in your task sequence?
----- Dwayne Allen [email protected] (479) 310-0027 On Wed, Oct 29, 2014 at 8:40 AM, Jason Wallace <[email protected]> wrote: > They are deployed as the OS boots for the first time so from a security > perspective it is better than having a vulnerable system on the LAN while > updates are deployed. > > > > On 29 Oct 2014, at 14:08, Bradley, Matt <[email protected]> wrote: > > When you say not all updates can be injected, do you mean things like > Office updates, or are there others that a person would miss? > > > > I also didn’t realize injecting the updates to the image didn’t actually > install them. If they are only the installed after an OSD, then I’m even > more inclined not to inject. I might image two PC’s as a test, one with > the patches already installed, one with them injected, and see which one > builds faster. > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Jason Sandys > *Sent:* Tuesday, October 28, 2014 10:06 AM > *To:* [email protected] > *Subject:* [mssms] RE: Patch/WIM Injection > > > > First, not all updates can be injected into a WIM so even if you do employ > image servicing, it is not sufficient to deploy a fully patched image. > Thus, you really should be capturing a new image periodically no matter > what – if you are using a build and capture task sequence (whether in MDT > or ConfigMgr) then this is a trivial task (beware of the double reboots in > ConfigMgr though L). > > > > Offline servicing in ConfigMgr has had issues (not really ConfigMgr’s > fault to my knowledge but that’s beside the point) and is why some/many > people shy away from using image servicing. Also note that image servicing > doesn’t actually install the updates. It merely injects them into the WIM > for installation during Windows Setup so it really doesn’t save you as much > as you think it does in terms of time or space. > > > > J > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Bradley, Matt > *Sent:* Tuesday, October 28, 2014 9:55 AM > *To:* [email protected] > *Subject:* [mssms] Patch/WIM Injection > > > > I’ve read that some people do not like injecting monthly patches directly > into the OS WIM. Some prefer to just capture reference images. Being that > a bad patch could be removed from a WIM if it was determined to be bad, I’d > like to hear some feedback on why some choose to still stay away from this > method, and stay with reference image capture. > > > > Thanks. > > > > > > >
