The people who are following me on Twitter might have noticed that I am playing around with OSDBuilder lately. What is OSDBuilder? It is a PowerShell module from David Segura which allows you to do apply several customizations to a Windows OS image. Before I was using OSDBuilder there always have been the same repeating challenge in a four-week cycle: How is the fastest and most reliable (automated) way to deploy my machines with the latest updates after M$ Patch Tuesday? First let’s have look what options do we have without OSDBuilder?
Option #1 – WSUS
You are deploying a standard task sequence and applying the Windows Updates from your WSUS server during the OSD installation.
Option #2 – Integrate Updates into Workbench
Automate the download of Cumulative Updates from Windows Update Catalog and import the .msu or .cab files into the Deployment Workbench.
Option #3 – PowerShell
You are using a PowerShell Wrapper to install the .msu files during the OSD installation.
What do all the mentioned solutions have in common?
They are too slow! Option #2 and Option #3 can take up to 40 minutes only for installing the latest Cumulative/Adobe Security Updates. We better don’t talk about Option #1 WSUS because this will take for a decade or maybe even more.. This is a horror for everyone who just wants to rollout a new machine for staging and is totaly unacceptable in my opinion.
How can OSDBuilder help?
With the framework from David we can inject the latest updates into the install.wim and deploy our machines directly with the latest patch level. We only need to apply the “update procedure” once and can use the modified install.wim for n-machines. But it is not only about injecting updates you also get the possiblity to add .NET Framework 3.5 and language packs which is going to save you valuable time during the deployment because DISM is not the fastest piece of technology. You don’t need to worry about downloading updates files and checking dependencies from previous updates. Everything is automated. I am going to show you how to do some basic stuff with OSDBuilder. Please check the OSDBuilder Docs for detailed informations.
Is it possible to automate the whole process?
Of course. I wrote a PowerShell script which you can find in my Github repository. Create a schedulded task and run the script monthly after Microsoft released new updates. Before using the script make sure to fit the custom variables to your environment.
$Trigger= New-ScheduledTaskTrigger -Weekly -WeeksInterval 4 -DaysOfWeek Tuesday -At 10pm
$User= "NT AUTHORITY\SYSTEM"
$Action= New-ScheduledTaskAction -Execute "PowerShell.exe" -Argument "C:\Scripts\OSDBuilder\OSDBuilder.ps1"
Register-ScheduledTask -TaskName "OSDBuilder" -Trigger $Trigger -User $User -Action $Action -RunLevel Highest –Force
Result: A new OS-Build got created and imported into the MDT Deployment Workbench. It will always create a new folder “OSDBuilder”+ DateStamp under Operating Systems.
The following steps are showing the manual process of using OSDBuilder.
Install OSDBuilder & Import the Operating System
Install-Module -Name OSDBuilder -Force
Import-Module -Name OSDBuilder -Force
Mount the Windows Server ISO. I am using Windows Server 2016. If you already have the sources inside your MDT share you can create a SUBST to skip the ISO mount action > subst e: “C:\Hydration\Operating Systems\VLSC-W2k16”
Choose the version (Standard|Datacenter) you would like to import and get a coffee because this will take some time. Multiple selections are possible.
Import Language Packs
Create a folder with the release ID of your OS under “C:\OSDBuilder\Content\IsoExtract
Example: Windows Server 2016 1607 Language
Copy the folders from the M$ Language Pack ISO containg the .cab files to “x64\langpacks”
Update the OS-Media
Now it is time to inject the latest available cumulative updates. This going to take about 30 minutes. Make sure that the server can reach Windows Update becaue the script is going to download the needed system updates.
Update-OSMedia -Download -Execute -SkipComponentCleanup
If you are going to install PVS Target Device Driver during a Task Sequence make sure you skip the “Component Cleanup”! This will break your installation and the VM will end up in a boot loop to Windows recovery mode. Thanks to Mario Hohlmesser who found this out the hard way (me included).
Create an OSBuildTask
The next step is to create an OSBuildTask. You can specify what you want to include for example: .NET 3.5, Language Packs, drivers and enable optional features.
New-OSBuildTask -TaskName Build-031819 -EnableNetFX3
Select the language packs to apply.
This will result in a .json configuration file you need to use for creating a new OSBuild. You will find it under “C:\OSDBuilder\Tasks\OSBuild Build-031819.json”.
Create an OSBuild
This will create your final install sources which can be used for deploying the machines.
New-OSBuild -ByTaskName Build-031819 -Execute -SkipComponentCleanup
Import the Reference Image into MDT
Now we can import the Reference Image into the Deployment Workbench and assign it to a Task Sequence.
How can I choose which updates are getting applied?
Every release of OSDBuilder is associated with the corresponding monthly updates. The information is located in a .xml file under: “C:\Program Files\WindowsPowerShell\Modules\OSDBuilder\BuildNumber-xxxx\Catalogs”
We are creating an OSBuild with Patchlevel “2019-03” in this blog. If you want to integrate Patchlevel “2019-04” on the upcoming patch tuesday you need to update the OSDBuilder PowerShell Module first. Otherwise you will not be able find any new updates.
If you have enough disk space just keep the created OSBuilds in an archive and you can easily jump forwards and backwards to specific PatchLevels.
Cleanup the Mount Directory
It could happen that you suddenly run out of disk space because for example you stopped a task during execution and the mountpoints are still available. In my case this have been 33.4GB.
I hope I could show you some of the hard work David put into his framework. He really did a hell of a job which is saving us a lot of time and headache. Please make use of his OSDBuilder and share it with your colleagues and friends.
1. Can you show a manual step-by-step how-to create an up up-to-date ISO of Windows 10 & 7 using the Media Creation Tool, and using OSDBuilder to keep it updated?
2. ASDBuilder (Application Software Deployment Builder) – is it possible to also update or embed application in the install media the same way we do drivers & patches, and also keep them up-to-date as well?
1. Just follow the steps with your Windows 10 ISO. I think Windows 7 is not supported by OSDBuilder.
2. Never heard of ASDBuilder. You can’t update applications. Please check the docs for all available functions.
To apply additional language packs I had to add the parameter “-ContentLanguagePackages” to my New-OSBuildTask.
The operating system I am going to deploy is Windows 10 1809.
Love the script you build! It works very well. Would it be hard to have the script patch multiple medias? For instance if you have multiple Win10 versions you need to patch or if you have multiple languages (not language packs, but medias).