Best way to manage windows updates?

[C Thelen]

Currently, our plan is to have a monthly ritual of:

1. Update the golden image from within its VM
2. Capture the new golden image from the console
3. Update all answer files to use the new image
4. Re-create all the installation media with the new image

Also, to keep workstations in storage up to date, we will have to boot them and re-image them as part of this ritual. 

 

Is there another established way of accomplishing this?

[SmartDeploySupport]

Hello,

The process you've laid out is certainly one way to do it - and if you want to reimage your endpoints each month, there's no reason why it wouldn't work for that purpose. You'll just want to make sure that you do not install any feature updates/in-place upgrades onto your reference VM. The Windows 10 Release Information page will give you the current servicing dates for each release of Windows 10 - the general rule (for Enterprise and Education SKUs) has been that the release in the first half of the year (such as 2004 and 21H1) will be serviced for 18 months, and the release in the second half (such as 1909 and 20H2) will be serviced for 30 months. This means that a particular version of Windows 10 can be kept completely up-to-date and security-patched even as several more versions are released in the interim.

If you want to manage Windows Updates without reimaging your endpoints, you'll want to look at setting up a WSUS server, as this will allow you to control Windows Update installation behavior and compliance on domain-joined endpoints without reimaging them.

If you have questions, feel free to reach out to support@smartdeploy.com.

Glenn
SmartDeploy Support

[Aaron@Shared]

@C ThelenOne catch to the process is if there is a major Windows release (ie 21H1 or 21H2). You want to avoid those updates in your golden image. I am currently performing the same steps as you since my boss wants the images to have the latest updates to speed up the deployment of machines faster. But I am overwriting the image file when capturing so I do not need to redo the USB deployment media since we are using the "Boot media" and not WDS or Offline USB.