When deploying Windows 7, it is important to have the operating system fully patched as soon as it is deployed. A newly deployed Windows 7 system missing security updates represents a security vulnerability and a risk to the corporate network. Deploying Windows 7 with System Center Configuration Manager (SCCM) allows you to easily install the latest security updates during operating system deployment (OSD) without having to update the master image every time software updates are released.
To be able to deploy software updates during the deployment of Windows 7 using SCCM, the Microsoft Deployment Toolkit (MDT) 2010 Update 1 must be integrated with SCCM. To integrate it, install MDT 2010 on your existing SCCM site server. Then click on Configure ConfigMgr Integration in the Microsoft Deployment Toolkit program group.
This integration will add MDT task sequences to SCCM. When you right-click on Task Sequences in the SCCM console, there’ll be a new option to access the MDT task sequences.
To install software updates while Windows 7 is being deployed using SCCM, the Install Updates Offline task should be used in the task sequence used to deploy the OS. This task will install all the software updates included in a specific SCCM deployment package after the image has been applied to the disk. This task should be placed in the PostInstall group just before the Configure task. To insert the task, select the task just above the Configure task, and then click on Add in the pull-down menu bar on the top, hi-lite MDT and click on Install Updates Offline as illustrated below.
Configure the task by browsing to select the Updates package that contains the security updates that you want to install.
You can add as many Install Updates Offline tasks as needed as only one package can be included per task.