Install latest Software Updates during OSD using Config Manager and Automatic Deployment Rules

Visitor

How can we do this so that Patch Tuesday updates are automatically approved and installed on any new bare metal devices we deploy an image to using Config Manager 1702? Could we also enable Express Updates so that these new machines can be patched faster?

2 Replies

You have a couple of options here. Automatic Deployment Rules (ADRs) are able to approve and deploy updates, but often customers choose to phase this rollout to validate the patches don't clash with any apps or utilities you may have "out in the wild".

 

https://docs.microsoft.com/en-us/sccm/sum/deploy-use/automatically-deploy-software-updates

 

You can also look at offline servicing for images so that the patches are included in the image before it's even transmitted to the device and applied. This has the benefit of being both the most secure AND quick as there is likely no increase in build time. It also means you don't have to recapture your WIM as often.

I can't talk much about your specific scenario, but I think SCCM allows you to apply updates (OS updates) to your image (WIM) before deployment. If you install software in your TS, you'll still need to update this software post-deployment or apply these updates later in the task sequence, and I believe you might have to target unknown computers to achieve that.