how to integrate/slipstream new updates

[TomF]

I'm new to this and to Win7, my terminology may not be accurate. For the first time, yesterday I created custom media for installing Win7 and used it successfully. It was really easy.

Essentially, I created and executed a slip.cmd file. The file contained various dism commands. My approach was similar to/ adopted from Winaero. I started withen_windows_7_professional_with_sp1_x64_dvd_u_676939.iso downloaded from some website that I partially trusted. The sha1 hash matched the one I found on the Microsoft site, so I proceeded under the assumption that the iso was identical to Microsoft's. Thus my 1st question: are there any reports of nefarious Win7 iso's with the correct hash?

After dism'ing the preliminary updates/rollups, I continued with the Jul, Aug, Sept and Oct rollups mentioned on Microsoft's update history page. It seemed some of those contained previous ones. Even though I wasn't sure if duplications would cause problems, I went ahead and added them one by one in chronological order. Thus my 2nd question: will my negligence in attention to duplicates cause problems down the road?

I used my customized install media to do a fresh install on a disk, deleting all the partitions as one of the preliminary installer steps. The install proceeded without issues. I installed some hardware drivers, etc, then ran WindowsUpdate, which finished in short time. Windows Update found 58 additional updates and was successful in installing 57. The computer is now waiting to be rebooted. Here is my main question: how can I added those 57 updates to my custom install media? Are the msu's in some folder somewhere? If not, is there some list of the update numbers somewhere (to manually download the 57 msu's)? (fwiw, the windows-7-sp1-x64-enu.ulz xml file does not contain any 2016 dates, so it does not have what I am after). I expect there are programs that I can download and run that will do this for me, but I am stubborn about adding them with dism commands that I will write into a slip.cmd file.

My last question: I activated Win7 OEM with slmgr commands. How can this step be added to my custom install media?

 

[Megahertz07]

If you don't trust the ISO you've downloaded, you can download Win 7 from MS from here Windows 7 Disc Images
or from here Microsoft Windows and Office ISO Download Tool.

To find out the updates installed, open Control Panel\All Control Panel Items\Windows Update at the left bottom you'll see Installed updates. Open it. You will have the list of all installed updates. You can search the web and download them.
You can also add them to the installation media with dism.

 

[SIW2]

[19 octobre 2016] Update list GDR pour Windows 7 SP1 x86/x64 (Fr-En-De-Es-It) - Windows 7 et 8 - WinCert.net Forums

 

[TomF]

If you don't trust the ISO you've downloaded, you can download Win 7 from MS from here Windows 7 Disc Images

The used machine came without a hard drive and with the label obscured. (Based on the machine's serial number, the manufacturer website said it shipped with Win7 Pro, thus it seemed legit to activated per oem using ilc commands.)

I

or from here Microsoft Windows and Office ISO Download Tool.

At best, that just transfers the trust issue from the iso to the program. I am curious if there are any reports of nefarious Win7 ISO's that manage to have the correct SHA1 hash.

I
To find out the updates installed, open Control Panel\All Control Panel Items\Windows Update at the left bottom you'll see Installed updates. Open it. You will have the list of all installed updates. You can search the web and download them.

I used that approach to verify that my fresh install did in fact contain the updates/rollups that I had slipstreamed/integrated into to my custom media. AFAIK, there is not anything one can do with that list. For example, one can't export to file, or copy/paste, so downloading them means typing out all the KB numbers. Also, while most of the updates have KB numbers in parentheses in the name field, some don't, so I am not sure how to track down those updates.

 

[TomF]

I may have found what i need, or maybe not.

I drilled to \Windows\SoftwareDistribution\Download. After poking around a bit, I searched that directory for windows6.1-kb*cab. It found 57 files named like windows6.1-kbxxxxxx-x64-express.cab. That number, 57, is the same as the number of successfully installs reported by WindowsUpdate (out of 58). Importantly, each of the 57 files has a KB number (unlike the history page in the WindowsUpdate program)

So a new question: Are those 57 express.cab files appropriate for dism'ing to my install media or do i need to get some other file associated with the KB numbers? It'd be sweet if there is a single dism command line that could be applied to the \Windows\SoftwareDistribution\Download directory with an option like /recursive that is used for adding drivers.;

 

[TomF]

EDIT: after reading the comments on the 4sysops.com webpage, it looks like this approach does not work with the express.cab's that are in my
\Windows\SoftwareDistribution\Download.

---------------------

I may have found the answer to the even bigger question. Here is the punch line:

Start /w for /R \\UPDATEDMACHINE\C$\Windows\SoftwareDistribution\Download\ %f in (*.cab) do DISM /image:C:\Mount /add-package /packagepath:”%U”

Question is: How does this command manage to slipstream them in the correct chronological sequence?

Here is the full paragraph:

Use DISM to slipstream updates - 4sysops

To use this method, you will need to set up a fresh machine and let it fully update. .... When your first machine is fully patched, head back to your administrative command prompt and type the following:

Start /w for /R \\UPDATEDMACHINE\C$\Windows\SoftwareDistribution\Download\ %f in (*.cab) do DISM /image:C:\Mount /add-package /packagepath:”%U”

 

[TomF]

Came across another way to get a list of KBs: run systeminfo.exe from the command line. On my machine, that method reports 72 KBs.

I had inserted 18 msu's into my Win7SP1 image.

kb3020369

kb2670838
kb2685811
kb2685813
kb2900986
kb3059317
kb3102810
kb3138612
kb3140245
kb3145739
kb3153199
kb3156017
kb3156417

kb3125574

KB3172605
KB3179573
KB3185278
KB3185330

After installing that image, WindowsUpdate quickly found 58 more updates and reported it was successful installing 57 of them.

57+18=75

Not sure the source of the discrepency between 72 and 75. One msu that I had inserted, KB3185278, the Sept 20 rollup, is not listed amoung the 72. Perhaps the Oct 17th rollup KB3185330 (also inserted) contains it. But the July21 and Aug 16 rollup msus (KB3179573 and KB3185278) are listed amoung the 72.

EDIT: the WindowsUpdate page the shows the update history has 72 items listed, all of which have KBxxxxxxx numbers except for 3: IE11, En Hyphenation and EN Spelling.

 

[SIW2]

Use this to get the download links: WindowsPatchLoader Download

Search updates>Installed updates ( takes a minute or two ). Then you can either d/l them, or MENU>export links.

 

[TomF]

Thanks, can you post an example of the links that it generates?

 

[SIW2]

Available Download Links 

Windows 7
==========
http://download.windowsupdate.com/c/msdownload/update/software/uprl/2013/10/ie11-windows6.1-x64-en-us_ddec9ddc256ffa7d97831af148f6cc45130c6857.exe


http://download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows6.1-kb3177467-x64_7203ed8c6247dc914f8a3c95f64d754fe651f998.cab
http://download.windowsupdate.com/d/msdownload/update/software/secu/2015/10/windows6.1-kb3097989-x64_892eaa91fcd986ed1249fceb875118bd63646266.cab
http://download.windowsupdate.com/c/msdownload/update/software/secu/2014/07/windows6.1-kb2943357-x64_dc59f4f51d16484d7b72cb38d8b8931f7e38e524.cab
http://download.windowsupdate.com/d/msdownload/update/software/secu/2015/02/windows6.1-kb3035126-x64_adbc52e8abd005e2e8b9e02325cfe45717a2b0ee.cab
http://download.windowsupdate.com/msdownload/update/software/updt/2012/10/windows6.1-kb2647753-v4-x64_914b532ff017845fce137abf4e21730df3a5525b.cab

ETC.

 

[TomF]

Thanks. Take kb3177467 for example. Using wget/curl and the 3 URLs below, one can download these three files:

windows6.1-kb3177467-x64_7203ed8c6247dc914f8a3c95f64d754fe651f998.cab
windows6.1-kb3177467-x64_42467e48b4cfeb44112d819f50b0557d4f9bbb2f.msu
Windows6.1-KB3177467-x64.msu

http://download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows6.1-kb3177467-x64_7203ed8c6247dc914f8a3c95f64d754fe651f998.cab

http://download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows6.1-kb3177467-x64_42467e48b4cfeb44112d819f50b0557d4f9bbb2f.msu

https://download.microsoft.com/download/2/4/7/247BDD8A-6AAE-4466-B137-3B2918D0CEAB/Windows6.1-KB3177467-x64.msu

That first URL (for the cab) is from your export example.

The two msu files are identical in size (9319), the cab is a bit smaller (9146). The filenames contain the sha1 hashes.

 

[TomF]

Jackpot!

Urthboundmisfit wrote "I grabbed a direct d/l link (x64) from Windows Update log"

The log itself is in plain text c:\windows\WindowsUpdate.log.

The file is verbose but buried inside are all the direct download links.

last step is to script:
1) parse the log for URLs of the installed msu's
2) curl/wget the all the msu URLs into a directory
3) sort the msu's based on the timestamps of the cab files in \Windows\SoftwareDistribution\Download\*
4) dism the directory into the image

 

[TomF]

another way to get listing of installed updates:

TechNet Wiki

wmic qfe list full /format:htable > hotfixes.htm

Also, the update history is available through the link in WIndows Update, I

it also available in a different format through ControlPanel> Programs >Programs and Features > Installed Updates

Still, the amazing thing is that the plain-text log file reports all the complete URLs for msu's of the installed updates.

 

[SIW2]

"the plain-text log file reports all the complete URLs"

Yes. That is why I suggested the program to you.

 

[TomF]

there is no need to download/install/learn/maintain/deal-with-its-bugs any program, the msu URLs are already available in plain text in the windowsupdate log file, free for the greping.

 

[SIW2]

Yes, we know that.