Download Windows Security Updates for MDT (packages) offline deployment

  • Deploy your MDT image
  • Install Microsoft Baseline Security Analyzer (MBSA)
  • Scan
  • MBSA saves the result under the current user profile directory – %USERPROFILE%\SecurityScans
    Powershell Script to download the missing updates
    [code language=”powershell”]
    [xml] $MBSAResult = Get-Content ‘.\SecurityScans\WORKGROUP – I3-PC (10-11-2015 8-03 PM).mbsa’
    $MBSAResult.SelectNodes("//UpdateData") | ? { $_.IsInstalled -eq "false" } | % {
    $URL = $_.References.DownloadURL;
    Start-BitsTransfer -Source $URL -Destination C:\MDTPackages
  • import these packages in to MDT and these get automatically installed by DISM during the deployment

Note: At the time of writing this post Microsoft Baseline Security Analyzer version 2.3 contains the DownloadURL in the xml blob & hence was able to pull the update cab file, not sure if this would be the case in the future releases of MBSA.
Some update cab files might get rejected by MDT (eg: office/.net/silverlight)

Leave a comment

Your email address will not be published. Required fields are marked *

WordPress Appliance - Powered by TurnKey Linux