Closed Bug 972575 Opened 10 years ago Closed 10 years ago

2008 bare metal provisioning base task sequence contacting WSUS to download and install approved updates

Categories

(Infrastructure & Operations :: RelOps: General, task)

Product:
Infrastructure & Operations
Component:
RelOps: General
Platform:
x86_64
Windows 7
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: markco, Assigned: markco)

References

Details

There are few separate parts in making this work. Because there is a preexisting w64 target group already set up on our WSUS instance the updates for 2008 was little bit easier. For other builds new groups will need to be set up and updates approved on the WSUS instance. 

The other parts that was needed:

customsettings.ini needed the following line:
WSUSServer=http://kms1.ad.mozilla.com (this will eventually change to WSUS1 instead of kms1) This line sets the server the machine will look for updates overriding reaching out to Microsoft for updates. 

Also requires a few registry changes to setup target group and enabling the local machine to be in a target group: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"TargetGroup"="w64"
"TargetGroupEnabled"=dword:00000001

Some additional registry items needs to be enabled: 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAUShutdownOption"=dword:00000001
"EnableFeaturedSoftware"=dword:00000000
"NoAutoRebootWithLoggedOnUsers"=dword:00000001
"UseWUServer"=dword:00000001
"NoAutoUpdate"=dword:00000001

Lastly the in task sequences added a a command line step to run ZTIWindowsUpdate.wsf. This is a built in script in MDT.
Assignee: relops → mcornmesser
Blocks: 967076
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.