Need help identifying if patches are actually installed after injection

Topic

New Reply

Hello,

I’m trying to create a new image for Windows Server 2012 R2 Standard with all of the latest updates already injected or slipstreamed into the ISO. I found a number of different ways to do this but it all has the basic principles of using DISM to achieve it.

The best way I found was to use a free tool called NTLite to help automate the process some. I’m running into a weird issue though where NTLite will appear to inject all of the updates into the ISO, but I have doubts as to if it truly does.

The reason I’m questioning it is because after it says it took the approximately 180 updates and injected them into the new .wim file, the new .wim file is only about 400 Mb bigger than the original. I did try an in place upgrade of a 2008 R2 server using the new ISO with the new .wim, and it seemed fine. While checking the view installed updates under Programs and Features it did show all of the new updates as well. Great I thought. But then when I went to scan for new updates using Microsoft’s update site, it showed that I needed around 180 updates. I compared the list from the updates site and what was in View Installed Updates and they were all of the same. I continued with the installation and it went through and installed all of them fine.

So that made me think – did it actually install the updates with the new ISO or no? Or did it just report that they were there when in reality they were not. Right after the upgrade with the new ISO, I checked the Download folder under SoftwareDistribution and that was empty. After installing the updates from the Microsoft Update site, then were of course now in that folder.

So my question is…how could i verify for sure that updates are really installed using my new ISO with them injected? Where could I look for a definitive answer? registry or certain folders? They have to live somewhere besides the Download folder right? I would hate to upgrade a bunch of machines and assume they have the latest updates on them, when in reality they don’t. Any help pointing me to an answer would be great. Thanks!

Reply | Quote

Replies

The implication of your post is that NTlite doesn’t correctly inject the updates.
I would try to inject them with DISM, or just install server, let it update, then reset OOBE to make an image.

cheers, Paul

1 user thanked author for this post.

barcode2328

Reply | Quote

Hello Paul,

I did try using DISM raw with command line and that’s not working either. I downloaded the updates with the WSUS offline tool and followed through the steps of getting the correct index, mounting the .wim and adding the packages to the mount. That didn’t work out so well. It errored out on a lot of them and added just a handful of them into the .wim it appeared.

I am going to look into your recommendation of resetting the OOBE. I haven’t done anything like that before, but I am going to research and give it a try.

Thanks

Reply | Quote

[BobbyB]

I had a flirtation with NTLite many Moons ago and had concerns whether it was up to the Job as it took literally ages to run, no surprise really with DISM, and apparently didn’t seem to get the whole Job done. So basically went back to doing it old School from the CMD line there’s one or two utils out there that can ease the pain VDISM, DISM GUI, and DISM ++. (VDISM is my favourite but alas its been gone for a while and the only sources I can find keep flagging with an AV, Defender, possibly false positives but not taking any chances here.)
If time Management is an issue in the Work Environment, I generally divide the Packages up according to dependency or create Folders e.g. if say update B requires update A as a pre requisite then A goes in Packages1 and update B goes in packages2 etc you’ll probably know for loose Misc. updates you can throw them all in a folder and they will install generally in Sequence. So in the above scenario all the rest without dependancies would get tossed in to Packages3. Again a bit of legwork or reading but I use the Test Machine in the Corner and let it run for the time it needs whilst the other mundanity of Work gets done, when one Package is installed arrow up in CMD prompt and change the number from PackagesX to PackagesY you can call them whatever you like I suppose. Its a variation on a theme of adding Drivers if you like the old /RECURSE CMD switch. You can scroll through your screens for what’s not added or look for the error Messages after each Package add. Any further doubts you can run:
Dism /image:C:\test\offline /Get-Packages which will list individual Patches as installed, on your mounted Image. Hope that works for you, as alas its not a “set it and forget it” Scenario, but hopefully eases the burden of individually installing Patch by Patch.

PSAfter re-reading your original post I might just add take your Original .ISO and extract Contents to folder using 7Zip and mount your install.wim or install.esd from the extracted files folder to your mount folder then work on it there with DISM. When your done, unmount your install.wim or install.esd remake your .ISO with either OSCDIMG (removes duplicate files but is an horrendously long CMD string) or Back Box .ISO cheap (free) cheerful and quick. Never a problem with Rufus and the like if your going with the USB install or other upgrade method.

• This reply was modified 5 years, 11 months ago by BobbyB.
• This reply was modified 5 years, 11 months ago by BobbyB.

1 user thanked author for this post.

barcode2328

Reply | Quote

Thanks BobbyB for this great info. I didn’t know there was anything aside from straight DISM and NTLite. I am definitely going to try those other tools out.

I like the idea of packages as well. Dealing with 180 or so updates can lead to a mess trying to install them all at once. So yeah I think this will help streamline the process as well.

For the PS, I have been trying to manipulate the extracted .wim using just DISM or NTLite, but with both I’ve been having issues with them. With NTLite when I go and make the new .wim/ISO it fails out on some of them, but said it completed the majority of them fine. When I do the update though it says it installed them into the OS, but I’m not confident of this. With DISM I do all of the steps and it errors out on a lot of them, but injects a handful of them to the image (like 6). So both are giving me issues. I do like the idea of the tool to rebuild the ISO when unmounted though. I am going to give that a whirl.

Thanks

Reply | Quote

[BobbyB]

As an addendum to the above post and after further reading it would appear 2012 R2 Server is similar in pretty much every respect to Win8.1 not sure here whether the R2 Image has kb3000850 already in there but there is a dependency as outlined in here: https://support.microsoft.com/en-us/help/3000850/november-2014-update-rollup-for-windows-rt-8-1-windows-8-1-and-windows in which case kb2919355 would be installed first then kb3000850 second as per above Packages1 and Packages2 scenario above. using separate CMD’s negates the dependency scenario (been a while since I did a Win8.1 image so not exactly sure just so I don’t mislead you) then other Patches updates etc should get tossed in Packages3
As for VDISM its available seemingly free from Issues from this Site: https://www.stahuj.cz/utility_a_ostatni/zalohovani/vdism/ What I like is the point an click nature without copying .wim’s and .esd’s all over the place into separate folders and it has a nice little GUI so can survey progress real time in CMD prompt format. One Codecile though don’t be tempted to peruse the other features whilst running or waiting, or you’ll never get back to the original window or know if the process is finished save looking at Windows running process’s. Trust me I have been there, Grrrr But altogether a more fully featured utility that’s good from Vista until Win10. but before running make sure with, say unmounting and committing an image, you remember to select commit not Discard! not done it yet thank goodness but make sure its right otherwise literally hours of endeavour can evaporate before your eyes

• This reply was modified 5 years, 11 months ago by BobbyB.

Reply | Quote