Approving Windows Updates in an MDT 2010 Standalone Environment from a ConfigMgr Software Update Point

You’ve no doubt read some of the benefits around using the Software Update Point features of ConfigMgr. However, if you are already using MDT standalone as an Image Engineering environment – there is sometimes a duplication in having to manage software updates in both environments. The most common solution is to set up an external standalone WSUS server for your reference machine to pull down updates. However, it would be ideal to have a single place to manage the approval and download of updates for both the deployed machines in ConfigMgr environment and the reference machine during an image capture in the MDT standalone environment.

To create a right click action to approve Update Lists in a standalone WSUS Server:

1. Create your Software Update Lists in ConfigMgr and assign them to a Deployment Package. Download and approve the updates as you would normally in ConfigMgr by creating a Deployment Template.

2. Synchronize your external standalone WSUS server with Microsoft to pull down updates. Note this server should not be a Software Update Point.

3. Download the attached scripts to create a right click action:

a) Copy the a7252c9e-3137-49a4-a8f2-13d17bb8abd0 folder to your ConfigMgr site server  e.g. %ProgramFiles%\Microsoft Configuration Manager\AdminUI\XMLStorage\Extensions\Actions. Substitute the first part of the path with your ConfigMgr path.

b) Copy the ApproveUpdatesToWSUS.ps1 script to a new folder at %ProgramFiles%\OSDLifeCycle\Scripts . Ensure that powershell is installed on your server and that the execution policy is set appropriately.

c) Edit the ApproveUpdatesToWSUS.ps1 file and replace MYUPDATESERVER with the name of you standalone WSUS server.

image

4. Reload your ConfigMgr Console using an account that is the WSUS Administrators local group on the WSUS Server.

5. Right Click on your update list and you should see “Publish these updates in a WSUS Server”. NOTE: This will accept the EULA of any of the updates in the Update List. Ensure you review any EULAs in ConfigMgr before choosing this option.

Publish Right Click action

6. Ensure the updates were approved successfully and close the powershell window.

7. In the customsettings.ini file of your MDT Image Engineering environment set the WSUSServer variable to equal the location of your server (e.g.WSUSServer=https://MyUpdateServer)

8. Update your Deployment Share

This post was contributed by Aly Shivji a consultant with Microsoft Services - U.S. East Region.

Disclaimer: The information on this site is provided "AS IS" with no warranties, confers no rights, and is not supported by the authors or Microsoft Corporation. Use of included script samples are subject to the terms specified in the Terms of Use .

ApproveUpdatesinWSUS.zip