Build Windows 7 images faster by patching them faster

I’m sure you’ve noticed that when building a new Windows 7 SP1 image, there are a lot of updates that need to be installed.  And these installations can take a while, whether pulling those updates from Windows Update directly or from WSUS.  But the performance can be improved.

First, see Justin Chalfant’s blog post at https://blogs.technet.com/b/jchalfant/archive/2016/02/10/updating-windows-7-update-agent-in-a-mdt-or-sccm-task-sequence-prior-to-installing-updates.aspx to see the results of testing with newer Windows Update agents, which offer improved performance.  The TL;DR summary is that you should inject https://support.microsoft.com/en-us/kb/3112343 (or eventually, any newer versions that supersede it) into Windows 7 prior to updating from WU or WSUS.  There’s a really simple way to do that with MDT:

MDT will automatically inject the new Windows Update agent into Windows 7 as part of the initial installation, so by the time it gets to any Windows Update steps the new agent will be in place.

Next, if you are using WSUS, there are some “best practices” for keeping things clean.  See a few links for that:

Also note that MDT 2013 Update 1 and later include logic that causes an automatic reboot after 100 patches before continuing on with the rest of the batch.  This was done because of issues with the Windows Update agent when it tried to install hundreds of patches at once.  With the new agent, that logic might not be needed any more – I haven’t tried it, but if you want to cut out a couple of reboots, you could experiment with changing the MAX_UPDATES constant at the top of the ZTIWindowsUpdate.wsf script to a larger value.