Offline Servicing of VHDs against WSUS

Every month we are hit by Microsoft's patchday. And every month the same workflow fires: learn about updates, test, approve some, check compliance and manually fix machines with failed updates. But don't think you are done. You still need to update your offline VHDs.

5 Star
3,032 times
Add to favorites
Windows Update
E-mail Twitter Digg Facebook
  • $Debug & $Verbose Error
    1 Posts | Last post February 07, 2017
    • Hi Nicholas, 
      I failed using this script with the following error, please help:
      PS C:\Windows\system32> C:\Temp\Apply-WindowsUpdate.ps1
      cmdlet Apply-WindowsUpdate.ps1 at command pipeline position 1
      Supply values for the following parameters:
      VhdPath: C:\Temp\StoredNewBuild.vhd
      MountDir: D:\Temp
      WsusServerName: TBSTRSUS001D
      WsusContentPath: D:\Wsus\WsusContent
      The variable '$Debug' cannot be retrieved because it has not been set.
      At C:\Temp\Apply-WindowsUpdate.ps1:13 char:5
      + if ($Debug) {
      +     ~~~~~~
          + CategoryInfo          : InvalidOperation: (Debug:String) [], RuntimeException
          + FullyQualifiedErrorId : VariableIsUndefined
      The variable '$Verbose' cannot be retrieved because it has not been set.
      At C:\Temp\Apply-WindowsUpdate.ps1:19 char:5
      + if ($Verbose) {
      +     ~~~~~~~~
          + CategoryInfo          : InvalidOperation: (Verbose:String) [], RuntimeException
          + FullyQualifiedErrorId : VariableIsUndefined
      C:\Temp\Apply-WindowsUpdate.ps1 : VHD specified through parameter -VhdPath does not exist. Aborting.
          + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
          + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Apply-WindowsUpdate.ps1
  • Is there a option to take more performance to?
    2 Posts | Last post December 01, 2015
    • Hi Nicholas,
      BIG Thanks to you for this great Script!
      Today i run the script on our WSUS 2012R2 in Powershell_ise as Admin.
      I hve some Trouble like Charbel, but the scrit run:
      After the params, i get this ....
      Die Variable "$Debug" kann nicht abgerufen werden, weil sie nicht festgelegt wurde.
      In C:\util\VHDXvonISO\Apply-WindowsUpdate.ps1:13 Zeichen:5
      + if ($Debug) {
      +     ~~~~~~
          + CategoryInfo          : InvalidOperation: (Debug:String) [], RuntimeException
          + FullyQualifiedErrorId : VariableIsUndefined
      Die Variable "$Verbose" kann nicht abgerufen werden, weil sie nicht festgelegt wurde.
      In C:\util\VHDXvonISO\Apply-WindowsUpdate.ps1:19 Zeichen:5
      + if ($Verbose) {
      +     ~~~~~~~~
          + CategoryInfo          : InvalidOperation: (Verbose:String) [], RuntimeException
          + FullyQualifiedErrorId : VariableIsUndefined
      Most important for me is a option to take more speed, the last Action takes 170 Minutes! Thats normal? I see that every .cab file in wsus-content was searched. Is teher a option to optimize that?
    • Hello,
      can someone tell me how i do all approved updates for the OS i.e. Server 2012 R2 to inject?
      Not every approved Update will apply?
  • updating direct from
    1 Posts | Last post September 04, 2015
    • Hi I know this has been asked before but I am struggling to get it to work, I am trying to get my vhdx to update direct from Microsoft's update site.
      i have tried these paramiters
      -VhdPath D:\win81_base.vhdx -MountDir D:\temp\mnt1 -WsusServerName -WsusServerPort 80  -WsusContentPath D:\temp\updatecontent
      but get an error
      has anyone got this to work if so what parameters should I use
  • Why CMD DISM instead of PowerShell cmdlets?
    1 Posts | Last post July 16, 2015
    • I'm just curious.  Since this is a PowerShell script, why you are using the CMD DISM commands instead of using the PowerShell DISM cmdlets?
  • Why default SSL to false?
    1 Posts | Last post April 08, 2015
  • Office Updates?
    1 Posts | Last post January 28, 2015
    • Is it possible to include Office Updates (along with other Microsoft Updates)?
      I seem to have only received platform updates. 
      Thanks for your efforts!
  • Using with .wim instead of .vhd
    2 Posts | Last post January 14, 2015
    • Hi and thanks for your script from germany
      we are testing wds/mdt at the moment and are searching for a way of clean patching the install.wim. is it possible to use your script with wim-files? i tried it direct on my wsus and dism only offers the possibility to work with .wim files
      i began to change it in your script, but till now not very successful :(
      ps: your script seems to me very clean and "official" and not trying to install all updates in bruteforce-like way!
    • Litte update from me --> I think i managed to change the dism parameters to work with wim instead of vhd. but i can't finally test it, because i got an error when i ran the script :(
      Die Files-Eigenschaft wurde für dieses Objekt nicht gefunden. Stellen Sie sicher, dass sie vorhanden ist.
      Bei C:\temp\Apply-WindowsUpdate-STEFFEN.ps1:106 Zeichen:30
      +     $_.GetInstallableItems(). <<<< Files | Where { $_.FileUri.LocalPath -match '.cab' } | ForEach {
          + CategoryInfo          : InvalidOperation: (.:OperatorToken) [], RuntimeException
          + FullyQualifiedErrorId : PropertyNotFoundStrict
  • suggession
    1 Posts | Last post November 19, 2014
    • hi Nicolas, thanks for your script. there are some suggestions.
      1. make WsusTargetGroupName="All Computers" if someone does not provice targetGroupname
      2. using dism powershell module instead of dism command line ,because if you parse the output of dism command , you need deal with the OS language which the user use.for example ,my os language was chinese ,so the dism output prints chinese too.your script will broken on different language .
  • 2008 updates not installing
    2 Posts | Last post August 22, 2014
    • Hi Nicolas,
      Many thanks for this, it is going to be a massive time saver!!
      It works fine for me for a 2012R2 VHDX, but I am noticing that all the 2008R2 patches I come across seem to be missing the "Completely offline capable" property, so they are all being skipped. I wondered if you had come across that before, or maybe I was doing something wrong?
      Kind regards, and thanks again for a great script!
    • Microsoft says in about the values of this property:
      This field is only applicable to Windows® 8, Windows Server® 2012, and Windows® Preinstallation Environment (Windows PE) 4.0 target images.So I don't think it's strange they are skipped. 
      I wonder if this check is necessary because patches not completely offline capable get a status installpending after installation and are completely installed on first boot.
      Nicholas, can you tell me if there's a specific reason for including this check ?
      Anyway thanks for the script, can be very usefull
  • WSUS port is not right
    2 Posts | Last post May 26, 2014
    • You have stated in the discription
      .\Apply-WindowsUpdate.ps1 -VhdPath C:\PATH\TO\YOUR.VHD -MountDir C:\TEMP\MOUNT -WsusServerName WSUS.YOURDOMAIN.LOCAL -WsusServerPort 8350 -WsusTargetGroupName "Windows Server 2012 R2" -WsusContentPath \\WSUS\WsusContent
      But the WSUSserverport is 8530 instead of 8350
      Thanx for the script!!
    • Thank you for the heads up! I'll fix this immediately!
1 - 10 of 15 Items