I'd like to be able to add a final step in our OSD deployment in SCCM to connect to an internal WSUS sever for updates. Once we install the SCCM client during the deployment all direction for updates points to our SCCM server. I'd like to do a final WSUS scan and update before deployment somehow. Seems to me that someone has created a script to do this however I can't find it.Orange County District Attorney

You are correct, multiple people have done that already. A quick forum search already returned two examples: http://social.technet.microsoft.com/Forums/en-US/configmgrosd/thread/06c5ac38-1726-4344-9022-71c1eeef6060 http://social.technet.microsoft.com/Forums/de/windowsservergewusstwiede/thread/71a74c16-cda2-4235-8e77-d5ea267bc823 My Blog: http://www.petervanderwoude.nl/

Sandy, have you deployed an internal Software Update Point (basically a SCCM integrated WSUS setup)? If so, part of the OSD setup lets you assign a step for "Install Software Updates", and you can add as many of these as you like. I usually do 2 with a reboot in between. Sometimes you get a dependency that won't show the second update until the first has gone through. In your Task Sequence, look for the State Restore section. In it you can see a Install Software Updates task. To add a reboot, click on the Install Software Updates and then click Add at the top, then expand General, and choose Restart Computer. Click in the new Restart Computer entry on the left, and then choose "The Currently installed default operating system" on the right. I like to Uncheck "Notify the user before restarting" so it happens quickly. Then go back up to Add and then General again and choose Install Software Updates. I like to let it figure out what it needs so I choose All Software Updates for update install entries. I am sure Peter's links are good, but I was bored. Waiting for some captures and deployments to finish here at my desk.Anything worth doing is worth doing right.

I did see the Install Software Updates Task however I didn't think it had the same functionalilty as a WSUS scan-and-deploy feature. I've configured a separate WSUS server to automatically approve and install Windows 7 updates which I don't want to do on my SCCM / WSUS integration.Orange County District Attorney

Thanks Peter. I can work with these scripts.Orange County District Attorney

I used to wonder why people screamed NOOOOOOOOO every time somebody in here mentioned doing things manually or using something else for a step. I get it now. It just ends up making more work later. As long as you are happy though, have at it. I had to undo a lot of stuff I spent time on myself and ended up just using an integrated setup.Anything worth doing is worth doing right.

Do you have to deploy all your updates for the Install Software Updates to work?Orange County District Attorney

You have to deploy anything you want to install. What I typically do is let my clients check for things on a daily basis and that will let me know what they think they require. Then I have a search folder set up that shows me Non-deployed patches that are not expired or superceded. I then sort by the Required column and that will be everything that you need to deploy that have you chosen to scan for in your setup. The WSUS method is kind of nice in that you can decline a patch and it goes away (IE, the Browser Choice Screen for EEA users would be nice to hide), however, it doesn't give you a lot of the distribution and installation controls that SCCM brings to the table. Unless you have some very specific need to break things out by product its really more work down the line. As it is now, you have two environments for everything right? Not exactly twice the work but I guess I fall under the "do it only once if you can possibly help it" philosophy. Anything worth doing is worth doing right.

OK, I see what you're saying. Still, I prefer to let WSUS do all the heavy lifting during a OS Deployment. I don't have to touch anything and then at the end I have a freshly minted patched machine without have to pre-deploy any updates. To each his own.Orange County District Attorney

Of course. At the end of the day, as long as you are happy, these are only tools. Honestly I do wish that SCCM was a bit more like WSUS, but I wouldn't trade anything away.Anything worth doing is worth doing right.