ASK MDT Guy: Updates in MDT take forever… HELP!

Today’s Question comes from a reader named Walter, and he wants to know about updates in task sequences.

Question: When I deploy Windows 7 from the Media Install files and the task reaches the “State Restore” and begins with the Windows Update pre and post application installation. The deployment process can literally take hours to complete. If I disable the Windows Update pre and post application installation the process then is really completed in less than 10 minutes.

1. Why does it take so long?

2. Does the target machine pulls the updates from MS or does get the updates via the MDT machine?

3. Aside from building a WIM that has all the updates, is there a way to speed up this part of the process?


These are all really good questions.

This is typical, an unpatched image can take hours and hours to patch, depending on the starting point and your internet connection speed. Now, I use SP1 media and inject a hotfix rollup from last summer and there’s still over a hundred updates it still needs to run. I can only imagine if you’re missing SP1 and/or the hotfix rollup its going to take even more time, as these patches vary from anywhere to just a few Kb to over ten megs. Some take just a mere second, and some like dotnet framework updates can take several minutes, and when those updates are done, they need updates. Yes, updating your updates, fun I know.
When the State Restore phase starts the windows update, it’s calling to a script called ZTIWindowsUpdate.wsf. Unless you specify in MDT to look for a WSUS server, you’re going to be pulling from Microsoft’s Windows Update servers.
As far as speeding this up, yes, you could inject the post Win7 SP1 hotfix rollup from Microsoft or better yet, get a WSUS server setup. If you don’t have a WSUS server handy, there are a few other steps you could do. But for now, start with adding the hotfix rollup, its like 90 updates out of the way.
Info on the HotFix Rollup:
Add a step in the task sequence to install the latest version of IE BEFORE patching starts. This really helps because that way you’re not upgrading to IE 9, patching and then upgrading to 10, patching, and then upgrading to 11, and yes, then doing more patching.
Block updates you don’t need, I don’t think you really need the Bing Toolbar, so block the ones you don’t need in the customsettings.ini file.
I actually use MDT to build my images in a VM. I simply use the standard client task sequence, have it capture, use the LTISuspend.wsf script, and make my customizations then.
Info on Adding IE 11 to your image:
For more questions and answers: See the Ask MDT Guy Page