I am trying  to  inject  the updates  into a win7 image  using wsusoffline

Posted on 2016-10-28
Last Modified: 2016-11-04
I  have removed   8  KB  that  people  have highlighted  that  can  break  the installation.
I  am  pushing  out the image  using SCCM
But  am  receiving  the  following error
Windows could not configure one  or  more system components  , To  install windows , restart ........
It has  to  be  one  of  the KBs  but  i  cant  find  out   what.
I  can  deploy WIN7_EntX64  SP1  with a hitch
Ps  using  a Vm  for  testing

any  ideas  
Question by:Roger Robinson
  • 5
  • 4
LVL 61

Expert Comment

ID: 41864927
Can you describe change that you did?
The 'people talk' does not break systems.

Author Comment

by:Roger Robinson
ID: 41865215
I am using the most recent win7 sp1 iso i have extracted the wim and using wsus offline  i have injected in all the remaining updates.FRom other websites i have removed various  KB  that may break  the installation.
Once completed I copy the wim up to SCCm and deploy  it  to my test group.
it in stall fine but on getting your machine ready screen
I get the message  ""Windows could not configure one or more system components" the machine will then reboot try again and  then iget  windows unexpectedly  started   message .
so  i need to  remove one or more KB  i guess... But i am not clever enough to determine which ones.
I believe ive taken out the ones that are dependent on net framework 4

any other suggestions  
Ps yes i know windows 7 is old   and i hope to switch to  10 in the new future , but i need this  to  work
thanks in advance
LVL 16

Expert Comment

by:Mike T
ID: 41866095

I have to ask - why are you using WSUS Offline when you have SCCM? If you have internet access it is so much easier.

I will assume that you don't have internet or the WSUS role installed.

First, a few questions:

do you have a list of the updates you have applied offline?
how did you remove the "KB"s?
what websites did you get the list of patches the allegedly break Windows

The reason I  ask is because I am currently deploying Windows 7 myself, I don't have internet access so I too installed updates offline but I avoided WSUS offline and used a script and mounted the WIM. Anyway, point is, I did not remove a single patch. I just scanned what was missing. A very important question - did you install the Windows 7 rollup first?

If not, I would start again from scratch and install the following:

Windows 7 Convenience Rollup (
August rollup (follow-up)

Then scan with MBSA and checks what's left to be installed.


Author Comment

by:Roger Robinson
ID: 41866629
Thank  You  for  your  reply
here is how  i am  doing  this ,
Extract  the  wim from sp1 disk
Launch WSUs offline   and  down load all the  updates.
on my installation  they  go  into  wsusoffline\client\w61-x64\glb
One  down loaded  i go  to  this  folder and  manually  remove  the Kbs  that  i  have  read  break  the installation. Then  i  run the  command  to  inject  the  packages, Commit  the changes   then  copy  the wim  back  to  sccm.
229 updates  were  downloaded
So  no  i  did not  install  the  roll up first  i  didn't  know  i had  too ?  i  just  presumed.

I'm  doing  it  this  way  to  start  with a fully  patched  imaged  to  deploy,  but  will  then  update  the  image  with sccm  going   forward

I  am self  taught  so  im  not  the  brightest but  i  have   downloaded  the  roll up  and  will   try  again
am i able  to scan the wim  with MBSA  or  just a deployed  PC ?

Thanks  in advance
LVL 16

Expert Comment

by:Mike T
ID: 41866656

You build a machine, apply the rollup and then scan with MBSA, either installing it local, or better remotely from an admin machine.

You missed some answers: do you have internet access?
If you *do* then I strongly recommend scrapping WSUS Offline. It is meant purely for people who need to patch when away from any network that has internet.

I would like to give you a fuller answer but that would really take a small chapter worth of words.

Apply the rollup and scan it. That will give you a list.

You also need to research something called "build and capture". That is the officially recognised method of doing all this.

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.


Author Comment

by:Roger Robinson
ID: 41866680
Yes  i  have  internet  access
and  have  successfully  patched a thick image on deployment using  wsus  in SCCm .
But  i wanted to explore a thin  image  then deploy  the apps separately  and  had  read  that WSus  offline was a good way  to  go ...........

Okay  so  you  recommend:-  deploying an image  to a machine ( Vm ) patching  it.  then  capture  that  image  back  as  your  reference  image ?
okay  ill give  that a go
LVL 16

Expert Comment

by:Mike T
ID: 41866705

Thin images are also highly recommended.

I'll give a very brief outline:

1) Create a Reference image - this is "thin"
2) use MDT 2013 update 2 (+ WDK)
3) Build and Capture
4) Import the WIM into SCCM
5) Deploy with drivers, apps and tweaks

Thin = Gold OS (from ISO) + .Net 4.5 + Visual C++ + convenience update + latest monthly rollup
Thin image Mechanism to use = MDT + WSUS with rule approving critical updates

That's the ideal setup. You *can* use SCCM to do the same thing but MDT is just better at it.


Author Comment

by:Roger Robinson
ID: 41866716
Ive  Incorporated MDT  into   SCCm . I am currently using MDT  boot,  but  not  the task  sequence  yet. But  that is  going to  be  my  next  step.
Am  i not  using  the  build and capture task  within SCCm to  capture  the  reference machine ?

Thanks  again  i will give  it a go
LVL 16

Accepted Solution

Mike T earned 500 total points
ID: 41866884
That's kind of my point.

You can use MDT as a complete standalone tool to create the reference (thin) image
you can do the whole thing with SCCM.

Both ways, require creating a Reference image first. Which you choose is up to you, and will depend on your experience.

What you mention above is "MDT integration" with SCCM. That is another matter altogether. Good but not the same.


Author Closing Comment

by:Roger Robinson
ID: 41874368
Mike  Pointed me  in the  right Direction  Thanks

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

System overheating may become a serious problem if not taken care of at the proper time. I am writing this article because I faced a similar problem. Intro All electronic devices produce heat, but computers are a special case - the processors bo…
Article by: Leon
Software Metering within our group of companies has always been an afterthought until auditing of software and licensing became a pain point. Orchestrator and SCCM metering gave us the answer and it was an exciting process.
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now