ITS Partners Insights

Applying Windows Updates using the Windows 7 Convenience Rollup in Configuration Manager or MDT

Written by Adam Eaddy | May 31, 2016

In this post I am going to review the process of applying the Windows 7 Convenience roll-up package during the image build and capture process. (This is not a service pack, as a service pack would extend OS supportability.)

Edit 05/27/2016: It has been brought to my attention that there is a newer version of the WU agent that can be applied during this process. Although I have not tested it, I am sure that it works fine. You can find this update here. https://support.microsoft.com/en-us/kb/3138612. This would be in place of KB3083710 AND KB3102810. Thanks to Mr. Bill Dunn for pointing this out.

In cased you’re not familiar, Microsoft released a “convenience roll-up package” for Windows 7 and Server 2008 R2 right around 05/17/2016. You can find details about them here

Microsoft states, and I quote:

“This rollup package includes almost all the updates that were released after the release of SP1 for Windows 7 and Windows Server 2008 R2, through April 2016. This convenience rollup is intended to make it easy to integrate fixes that were released after SP1 for Windows 7 and Windows Server 2008 R2. We recommend that you include this rollup package in the image creation process to make it easier to quickly set up a computer.” ~reference

There are two Microsoft requirements that have to be in place before applying the convenience roll-up.  Those requirements are:
  1. Service Pack 1 for Windows 7 or Windows Server 2008 R2 (KB976932)
  2. April 2015 servicing stack update for Windows 7 and Windows Server 2008 R2 (KB3020369)

I am writing this article assuming everyone is using media that already contains Service Pack 1.  If it does not, I recommend you acquire media that already contains Service Pack 1.  

It has also been recommended by the community to apply 2 patches before the Servicing Stack.  These patches are to prevent the Windows Update agent from becoming unresponsive during the patching process.  I have not experienced this behavior, but find it prudent to simply apply them to prevent it from potentially happening.   The updates can be found at each location respectively.

Make sure to download the update for your appropriate architecture.  I used all x64 for my testing.

After downloading all 4 patches, you will want to make a package for each update. The concept is the same in both Configuration Manager and MDT.  Although I will not be showing you how to create a package in either tool,  I will provide the installation order and command line options needed to accomplish creating the package.

The installation order and installation strings are as follows:

  1. KB3102810
    1. wusa.exe Windows6.1-KB3102810-x64.msu /quiet /norestart
  2. KB3083710
    1. wusa.exe Windows6.1-KB3083710-x64.msu /quiet /norestart
  3. Restart Computer
  4.  KB3020369
    1. wusa.exe Windows6.1-KB3020369-x64.msu /quiet /norestart
  5. KB3125574-v4-x64.msu
    1. wusa.exe Windows6.1-KB3125574-v4-x64.msu /quiet /norestart
  6. Restart Computer

You can see my task sequence here:

Apply these updates sometime after the “Setup Windows and Configuration Manager” step and before your “Apply Updates” step.

After applying the convenience roll-up, I still run the Windows update tasks.  I run 3 passes and still installed approximately 80 updates.

So after all of this, a job that I have literally seen run for up to 8 hours, and cause all kinds of failures, is running fairly fast.  Approximately 4 hours.  I would say that is a substantial increase in time saved from 8.