June 29, 2017

Automatic Download and Import of Updates into MDT

Deploying Windows Updates with MDT

A couple of months back, I sent an email to the Microsoft MVP mailing list to see if anyone knew of a JSON feed of Windows 10 updates from Microsoft. I’d found a way to grab the latest Firefox version via PowerShell and was hoping to do something similar for Windows 10. Keith Garner responded with something even better – a working script that pulls from a JSON resource on the Windows 10 and Windows Server 2016 Update History page to return the most recent cumulative update.

So this gave me what I needed – a way to pull the latest update, which I could then import into an MDT share. This ensures that a machine is deployed with the latest cumulative update at deployment time, and is ideal for creating reference images.

I’ve taken Keith’s original version of the script, Get-LatestUpdate.ps1, modified it for my own requirements and created an import script – Import-Update.ps1. Together these enable you to automate downloading the latest cumulative updates and importing them into a target MDT deployment share. This could be run as a scheduled task to keep your deployment shares always up to date.

The scripts can be downloaded from GitHub in my MDT repository: https://github.com/aaronparker/MDT

Downloading and importing updates into MDT via PowerShell

Get-LatestUpdate

Much like Keith’s original, this version of the script will pull the latest update from the JSON feed, query and parse the Microsoft Update Catalog and return the latest cumulative update. With this, you can optionally download the update to the current folder or one specified with the Path parameter.

Get-LatestUpdate.ps1 – downloading updates

The script outputs an object that lists details about the update that you could use for various purposes. Adding the Download parameter will download the update and the output will include the file name and the download location.

Get-LatestUpdate.ps1 – latest update downloaded

Get-LatestUpdate.ps1 supports a number of parameters, all of which are optional:

  • Build – the Current Branch build (15063) will always be the default. Other build numbers (e.g. 14393) can be specified
  • SearchString – the default cumulative updates returned will be the cumulative update for Windows 10 x64. The search string can be modified to
  • Download – add this switch parameter to download the update returned. If the update already exists in the folder specified by Path, it won’t be downloaded again
  • Path – specify a path to download the update to. If not used, the update will be downloaded to the current directory

Output

Get-LatestUpdate.ps1 will output an object that includes details about the update that has been gathered, including the KB article, the description of the update and the URL to the download. If the Download parameter is used, the object will also include the update file name and the path where the update has been saved. This object can then be passed to Import-Update.ps1, which will use the UpdatePath property to import updates stored in that folder (note that it will import all updates from that folder).

Import-Update

Import-Update.ps1 is used to import update packages from a target folder into the Packages node in an MDT deployment share. This will accept the output from Get-LatestUpdate.ps1 or can be used to import updates that already exist in a target folder, specified by the UpdatePath parameter.

Import-Update.ps1 – importing an update into MDT

Import-Update.ps1 supports a number of parameters:

  • UpdatePath – a folder that contains the target update or updates to import into the deployment share. This path can be piped to this script. This parameter is mandatory
  • SharePath – the path to the top-level folder for the MDT deployment share. This parameter is mandatory
  • PackagePath – you can optionally specify a path under the Packages node in the deployment share to import the update packages into
  • Clean – this is a switch parameter that will tell the script to remove any existing update packages in the path specified by PackagePath before importing the new updates

Using Both Scripts to Download and Import Updates into MDT

Because Get-LatestUpdate.ps1 outputs an object that can be passed to Import-Update.ps1 on the pipeline, a single command line can get the latest update for a specific operating system, download the update locally and import it into an MDT deployment share. For example, I can use the following command line to download the latest cumulative update for Windows 10 x64 Current Branch (build 15063) and import it into the deployment share I use to build reference images:

Which looks like this:

Using Get-LatestUpdate.ps1 and the pipeline to pass updates to Import-Update.ps1

In the MDT Workbench, we have the latest Windows 10 Cumulative update in the Packages node which will be applied offline during the operating system deployment:

Latest Windows 10 Cumulative update in the Packages node

Now I have something that I could run as a scheduled task to keep my deployment share always up to date without interaction. Note that both scripts support verbose output so that you can track what’s going on in detail while the script is running.
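For an unattended run, it is worth verifying each downloaded package before it goes into the share, since the download URLs returned by the script are plain HTTP. The following is an added example, not part of the original scripts or the GitHub repository. It assumes the 40 hex characters at the end of the catalog file name are the file's SHA-1 digest; Test-UpdatePackage is a hypothetical helper and both paths are placeholders.

```powershell
# Added example (not from the original scripts): verify .msu packages before import.
# Assumptions: the 40 hex characters before ".msu" are the file's SHA-1 digest;
# Test-UpdatePackage is a hypothetical helper; both paths below are placeholders.
function Test-UpdatePackage {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string] $Path
    )
    process {
        $file = Get-Item -LiteralPath $Path
        $hashMatch = $false
        # File names look like windows10.0-kb4025334-x64_<40 hex chars>.msu
        if ($file.Name -match '_(?<sha1>[0-9a-f]{40})\.msu$') {
            $actual = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA1).Hash
            $hashMatch = ($actual -eq $Matches.sha1)   # -eq ignores case
        }
        # The hash catches truncated or altered downloads; the signature is the trust decision.
        $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
        [pscustomobject]@{
            Path      = $file.FullName
            HashMatch = $hashMatch
            Signature = [string] $sig.Status
            Signer    = $signer
            Trusted   = $hashMatch -and ($sig.Status -eq 'Valid') -and
                        ($signer -match 'O=Microsoft Corporation')
        }
    }
}

$updatePath = 'C:\Temp\Updates'            # placeholder download folder
$sharePath  = '\\server\DeploymentShare$'  # placeholder MDT deployment share

$checked = @(Get-ChildItem -LiteralPath $updatePath -Filter *.msu | Test-UpdatePackage)
if ($checked.Count -eq 0) { throw "No .msu packages found in $updatePath." }
$failed = @($checked | Where-Object { -not $_.Trusted })
if ($failed.Count -gt 0) {
    $failed | Format-List | Out-String | Write-Warning
    throw "Refusing to import: $($failed.Count) package(s) failed verification."
}
# Import-Update.ps1 imports everything in the folder, so every file must pass first.
.\Import-Update.ps1 -UpdatePath $updatePath -SharePath $sharePath -Verbose
```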

Future

There are likely some changes and additions I could make to this script, so feedback is welcome. Future changes might include:

  • Add support for Windows 7, Windows Server 2012 R2 etc. into Get-LatestUpdate.ps1. The way that Keith has written the script lends itself to support other Windows versions
  • Compare the existing update in MDT before importing an update – if the existing update matches the latest update, there’s no need to re-import the update

 

8 Comments on “Automatic Download and Import of Updates into MDT”

digitalover
July 3, 2017 at 3:56 am

Cool script, do you think this can be useful with SCCM too? I know SCCM has its own update functionality and maybe not needed in that case..
Zero Touch Updating 😉

Aaron Parker
July 3, 2017 at 8:50 am

I don’t think so; however, if you’re recreating your reference images from MDT and then importing the custom WIM into ConfigMgr, you’ll get the same effect.

Pavan Ayyagari
July 6, 2017 at 2:46 pm

Aaron,
Thank you for the script. So just download both the scripts and run them as a part of task sequence for MDT? Kind of confused on how to use them? Thanks,
Pavan

Aaron Parker
July 6, 2017 at 11:57 pm

No, it’s for importing the updates into the Packages node in MDT for offline deployment during OSD

Brian Sprogø
July 19, 2017 at 7:12 pm

Very cool way of updating… but…
Doesn’t seem to pick up on the latest 1607 (14393) update.
KB should be KB4025339 for July update.
I can see that the JSON returned is missing this.
Get-LatestUpdate returns nothing.
The other 3 build numbers are working as they should.
Any solution that you know of?

Aaron Parker
July 20, 2017 at 3:24 pm

Right now, if I run: .\Get-LatestUpdate.ps1 -Build 14393 | fl, I get two updates returned (I should only have the single update returned):

KB : KB4025334
Note : 2017-07 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4025334)
URL : http://download.windowsupdate.com/c/msdownload/update/software/updt/2017/07/windows10.0-kb4025334-x64_92232fdb18a81d8c6d6c413188df2fd094a0eb29.msu

KB : KB4025334
Note : 2017-07 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4025334)
URL : http://download.windowsupdate.com/c/msdownload/update/software/updt/2017/07/windows10.0-kb4025334-x64_92232fdb18a81d8c6d6c413188df2fd094a0eb29.msu

Based on the update page, KB4025334 is the latest – is that not correct?

Brian Sprogø
July 20, 2017 at 4:04 pm

Thanks for your time with this.
When I run the script now I get 2 results as well.
If I look at Microsoft Update Catalog now I can see that the date for KB4025334 is today.
Looking up KB4025339 it has a date of yesterday.
I guess they must have been updating when I ran the script yesterday.

Aaron Parker
July 20, 2017 at 4:48 pm

I need to test what happens with the -Download parameter with 2 updates. Let me know what else you run into. Bug reports can also be logged on GitHub.
